I mean to say - the "type" of realm is irrelevant. I've tested this strategy using a JNDIRealm with LDAP, a MemoryRealm with tomcat-users.xml, a JDBCRealm with MySQL/Oracle, and even a JAASRealm that talks to NT - works fine with all and should be portable to other appservers. If you extend a Tomcat class and create your own authenticator - you'll have to add tomcat jars to your project.
HTH, Matt > -----Original Message----- > From: Raible, Matt > Sent: Friday, March 21, 2003 4:12 PM > To: 'Tomcat Users List' > Subject: RE: Custom JDBCRealm > > > Nope, I just use form-based authentication - the realm is > irrelevant. I > call request.getRemoteUser() to get the user's information > and then look it > up in a database (could be ldap). Tomcat does the > authorization for me. > > > -----Original Message----- > > From: awc [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 21, 2003 3:06 PM > > To: Tomcat Users List > > Subject: Re: Custom JDBCRealm > > > > > > may be this is dumb question. So do you run two filters? one > > for authticate and > > to check authorization and other to load the customo objects?? > > > > Thanks Matt.. > > > > .anil > > > > // user authenticated, empty user object > > if ((username != null) && (userForm == null)) { > > ses = getSession(); > > > > UserManager mgr = > > new UserManagerImpl((String) > > ctx.getAttribute(Constants.DAO_TYPE)); > > UserForm user = mgr.getUser(ses, username); > > session.setAttribute(Constants.USER_KEY, user); > > > > > > > > > > > > > > > > "Raible, Matt" wrote: > > > > > Why not just add a filter that has the same <url-pattern> > > as your protected > > > resource. I do this, and if there's not a user object in > > the session, I > > > populate it from a database. > > > > > > Example at http://tinyurl.com/7xb1 > > > > > > HTH, > > > > > > Matt > > > > > > > -----Original Message----- > > > > From: awc [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, March 21, 2003 2:42 PM > > > > To: 'Tomcat Users List' > > > > Subject: Custom JDBCRealm > > > > > > > > > > > > Hi, > > > > > > > > I want to add more stuff to user session while user logs > > in. The only > > > > way I see to do this is to write custom JDBCRealm class > > which extnds > > > > org.apache.catalina.realm.JDBCRealm or implement > > > > org.apache.catalina.realm.RealmBase class. > > > > > > > > This custom class will have more initializing > parameters too. Any > > > > thoughts on this from one who already did sort of thing?? > > > > > > > > I am going to use this one with securityFilere from > > > > www.securityfilter.org. > > > > > > > > Thank you in advance for any replies. > > > > > > > > .anil > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
