The problem with filters is:
>>>
The problem is that the security contrains are evaluated before the
filter. So I guess that you may have to implement that what you want to
achive with the constraints on your own. (Or you have to configure apache
to do it, and this way omit the constraints from tomcat.)
One tomcat specific way to come around that may be a Valve. (It is called
before any filter, but I don't know if it is called before the evaluation
of the constraints)
<<<
I get this information some months ago from Ralph Einfeldt.
Authentication is not part of the J2EE specification. So, if you want to
customize this step, you have to do it individually for each container.
Oliver
"Bill Barker"
<[EMAIL PROTECTED] An: [EMAIL PROTECTED]
e.com> Kopie:
Gesendet von: Thema: Re: JAAS LoginModule ?
news
<[EMAIL PROTECTED]
.org>
30.05.2003 09:06
Bitte antworten
an "Tomcat Users
List"
Nope. Realms and Authenticators are Tomcat-specific. There are reports on
this list of people using Filters to do much the same thing (i.e. search
the
archives).
"Eric Chow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> How can I do if I want to implmenet an Authenicator that can use in any
> other application servers.(JBoss, WebLogic, etc) ?
>
> Eric
>
>
>
> ----- Original Message -----
> From: "Bill Barker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, May 30, 2003 11:50 AM
> Subject: Re: JAAS LoginModule ?
>
>
> > It really depends on what you need to do. For the simplest case, you
> > implement your own Realm (public class MyRealm implements
> > org.apache.cataliana.Realm), and configure it in server.xml like
anyother
> > Realm. In TC 4.x, Realms don't have access to the Request/Response:
They
> > just get the login credentials, and are expected to validate them (or
not
> > :).
> >
> > If you need more control on authentication, then you need to implement
a
> > custom Authenticator (public class MyAuthenticator implements
> > Valve,Authenticator). This class gets full control over authenticating
a
> > Request, and can access anything in the Request/Response. You
configure
> it
> > via:
> > <Context path="/myapp" docbase="webapps/myapp">
> > <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
> > </Context>
> >
> > Neither of these (but especially the second) plays well with the admin
> > webapp.
> >
> > "Eric Chow" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > Hello,
> > >
> > > In Tomcat, we can use container based authorization.
> > >
> > > Those username/password information can be place in a XML files or
use
> > > DBRealm, right ?
> > >
> > >
> > > How can I implement a login module, so that the Web Container will
> called
> > my
> > > module instead of the default login module.
> > >
> > > For example, the following is my login.jsp.
> > >
> > > <form action="j_security_check" method="post" name="fm">
> > > <input name="j_username">
> > > <input name="j_password">
> > > <input type="submit" value="Login">
> > > </form>
> > >
> > > When the above submit, it will pass to my LoginModule, how can I
> implement
> > > that part?
> > >
> > > Best regards,
> > > Eric
> > >
> > > ==========================
> > > If you know what you are doing,
> > > it is not called RESEARCH!
> > > ==========================
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
