I had a look at the code and I guess it could be used to do the association, but what it seems to be doing is just creating a new Subject and adding the required principal (which I assume has been obtained from the servlet request) to it. If JAASRealm is used this will be a GenericPrincipal, which is different to the principal obtained when doing the login (I'm using JBoss in this case). Are there any plans for Tomcat 5 to cache the subjects obtained upon login anywhere?
Also, can you confirm that a valve would be the right place to do this sort of association?

On Fri, 2003-02-07 at 02:30, Jeanfrancois Arcand wrote:
> The feature you want has been implemented in Tomcat 5 (not in Tomcat
> 4.1.x).
>
> You can probably port it if you really need it (see
> http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java)
> or start using Tomcat 5.
>
> -- Jeanfrancois
>
> Peter Kelley wrote:
>
> >I tell a lie, you can't get access to the user's session easily from a
> >realm's authenticate method.
> >
> >Perhaps I could write a valve that looks at the request and looks up the
> >realm the user belongs to. I could then cache the subjects in the realm
> >and run the rest of the pipeline using doAs(subject, xxxx).
> >
> >This seems awfully low level but I can't see another way. Can anyone
> >suggest an alternative? Surely this problem has been encountered
> >before.
> >
> >On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
> >
> >>I have set up form based authentication for Tomcat 4.1.18 using the
> >>JAASRealm and I am using it to connect to a remote JBoss server.
> >>Whenever a new user logs in all of the sessions of the existing users
> >>take on the identity of the new user on the EJB server.
> >>
> >>It appears as if something needs to be done to associate the JAAS
> >>subject with the current thread every time a request comes in. I can
> >>cache the subject in the session but I'm not sure how to go about doing
> >>the association.
> >>
> >>Any ideas?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

--
Peter Kelley <[EMAIL PROTECTED]>
Moveit Pty Ltd
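
The per-request association discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's or JBoss's code: each session keeps the Subject from its own login, and every request runs inside `Subject.doAs` so a later login by another user cannot change what an existing session's calls run as. The class, map and method names are hypothetical, and it uses the `Subject.doAs`/`Subject.getSubject` API of that era, which newer JDKs deprecate in favour of `Subject.callAs` and `Subject.current`.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.*;
import javax.security.auth.Subject;

public class SubjectPerRequestDemo {
    // Hypothetical stand-in for the per-session cache: session id -> Subject from login.
    static final Map<String, Subject> SUBJECT_BY_SESSION = new ConcurrentHashMap<>();

    // Constructed principal type; a real login module supplies its own.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    static void login(String sessionId, String user) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(user));
        SUBJECT_BY_SESSION.put(sessionId, s);   // cached per session, never globally
    }

    // What downstream code (for example an EJB client call) sees as the caller.
    static String currentCaller() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "<none>" : s.getPrincipals().iterator().next().getName();
    }

    // The valve-like step: bind this session's Subject for this request only.
    static String handleRequest(String sessionId) {
        Subject s = SUBJECT_BY_SESSION.get(sessionId);
        if (s == null) return currentCaller();  // unauthenticated: nothing is bound
        return Subject.doAs(s, (PrivilegedAction<String>) SubjectPerRequestDemo::currentCaller);
    }

    public static void main(String[] args) throws Exception {
        login("session-A", "alice");
        login("session-B", "bob");  // a later login must not alter session-A
        // One reused worker thread, so any identity left on the thread would leak.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        for (String sid : new String[] {"session-A", "session-B", "session-A", "no-session"}) {
            Callable<String> request = () -> handleRequest(sid);
            System.out.println(sid + " -> " + worker.submit(request).get());
        }
        worker.shutdown();
    }
}
```

The final `no-session` request runs on the same thread that just served two authenticated users and still sees no Subject, because `doAs` scopes the binding to the action instead of leaving it on the thread.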
