You can probably port it if you realy needs it (see http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java) or starts using Tomcat 5.
-- Jeanfrancois
Peter Kelley wrote:
I tell a lie, you can't get access to the users session easily from a
realm's authenticate method.
Perhaps I could write a valve that looks at the request and looks up the
realm the user belongs to. I could then cache the subjects in the realm
and run the rest of the pipeline using doAs(subject, xxxx).
This seems awfully low level but I can't see another way. Can anyone
suggest an alternative ? Surely this problem has been encountered
before.
On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
I have set up form based authentication for Tomcat 4.1.18 using the
JAASRealm and I am using it to connect to a remote JBoss server.
Whenever a new user logs in all of the sessions of the existing users
take on the identity of the new user on the EJB server.
It appears as if something needs to be done to associate the JAAS
subject with the current thread every time a request comes in. I can
cache the subject in the session but I'm not sure how to go about doing
the association.
Any ideas ?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
