"Oliver Wulff" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] com... > > > > > > The problem with filters is: > >>> > The problem is that the security contrains are evaluated before the > filter. So I guess that you may have to implement that what you want to > achive with the constraints on your own. (Or you have to configure apache > to do it, and this way omit the constraints from tomcat.) > > One tomcat specific way to come around that may be a Valve. (It is called > before any filter, but I don't know if it is called before the evaluation > of the constraints)
Explicitly configured Valves are called before implicitly configured Authenticators. Explicitly configured Valves, and Explicitly configured Authenticators depends on the declaration order. > <<< > > I get this information some months ago from Ralph Einfeldt. > Authentication is not part of the J2EE specification. So, if you want to > customize this step, you have to do it individually for each container. > > Oliver > > > > > > "Bill Barker" > <[EMAIL PROTECTED] An: [EMAIL PROTECTED] > e.com> Kopie: > Gesendet von: Thema: Re: JAAS LoginModule ? > news > <[EMAIL PROTECTED] > .org> > > > 30.05.2003 09:06 > Bitte antworten > an "Tomcat Users > List" > > > > > > > Nope. Realms and Authenticators are Tomcat-specific. There are reports on > this list of people using Filters to do much the same thing (i.e. search > the > archives). > > "Eric Chow" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > How can I do if I want to implmenet an Authenicator that can use in any > > other application servers.(JBoss, WebLogic, etc) ? > > > > Eric > > > > > > > > ----- Original Message ----- > > From: "Bill Barker" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, May 30, 2003 11:50 AM > > Subject: Re: JAAS LoginModule ? > > > > > > > It really depends on what you need to do. For the simplest case, you > > > implement your own Realm (public class MyRealm implements > > > org.apache.cataliana.Realm), and configure it in server.xml like > anyother > > > Realm. In TC 4.x, Realms don't have access to the Request/Response: > They > > > just get the login credentials, and are expected to validate them (or > not > > > :). > > > > > > If you need more control on authentication, then you need to implement > a > > > custom Authenticator (public class MyAuthenticator implements > > > Valve,Authenticator). This class gets full control over authenticating > a > > > Request, and can access anything in the Request/Response. You > configure > > it > > > via: > > > <Context path="/myapp" docbase="webapps/myapp"> > > > <Valve className="com.myfirm.mypackage.MyAuthenticator" .... /> > > > </Context> > > > > > > Neither of these (but especially the second) plays well with the admin > > > webapp. > > > > > > "Eric Chow" <[EMAIL PROTECTED]> wrote in message > > > news:[EMAIL PROTECTED] > > > > Hello, > > > > > > > > In Tomcat, we can use container based authorization. > > > > > > > > Those username/password information can be place in a XML files or > use > > > > DBRealm, right ? > > > > > > > > > > > > How can I implement a login module, so that the Web Container will > > called > > > my > > > > module instead of the default login module. > > > > > > > > For example, the following is my login.jsp. > > > > > > > > <form action="j_security_check" method="post" name="fm"> > > > > <input name="j_username"> > > > > <input name="j_password"> > > > > <input type="submit" value="Login"> > > > > </form> > > > > > > > > When the above submit, it will pass to my LoginModule, how can I > > implement > > > > that part? > > > > > > > > Best regards, > > > > Eric > > > > > > > > ========================== > > > > If you know what you are doing, > > > > it is not called RESEARCH! > > > > ========================== > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
