I agree with Jean-Francois that the design is less than perfect ;-). You should probably re-think it. However, I'm willing to give you more than enough rope to hang yourself ;-).
1) If your custom Realm is configured under a <Context ...>, then simply have if save an instance of itself into the Session. 2) If not, or otherwise, have it set a request-attribute with itself as the value. "Dinh, Chinh" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks for the response. My situation is like this: > - I created my own Realm for webDAV access. When I launch http://localhost:8080/webdav, it will first call myREalm's authentication(). Within authentication(), I calls some existing authentication class, which returns a USER object (basically, has some application specific user properties). > - After the authentication is successful (from a Log-in Dialog box, for example), it will get to my servlet (in this case, a webDAVservlet). In this webDavServlet, I would like to get the USER object that I stored as a data member in my Realm class. > - That is the reason I want to be able to get the realm object from the servlet. Any advise ? Thanks . - Chinh > Jean-Francois Arcand <[EMAIL PROTECTED]> wrote: > > > Dinh, Chinh wrote: > > >I have a tomcat question for you . > > > > > > > >In Tomcat's server.xml, we define a realm (only ONE) > > > > > > > > > > > >When tomcat starts, I think it will instantiate a realm object of this type . > > > > > > > >I am trying to find a way to access this realm object in my servlet (the servlet that starts after the realm's authentication > > > >succeeds). > > > >There's a method "getRealm()" from org.apache.catalina.core.ContainerBase , but how would we get this ContainerBase ? > > > No. For security reason, a servlet should not have access to any Tomcat > classes. If your app is able to have access to those methods, any > malicious app can also have access and snif the information. > > Why do you want to have access to the realm? > > > > >Does Tomcat have some kind of global object of this type ? > > > > No...and in Tomcat 5,we have enforced the security protection mechanism > so it is mostly impossible to invoke Tomcat internal classes (when the > security manager is turned on) > > > > > > > > >Thank you . Chinh > > > > -- Jeanfrancois > > > > > > > > >--------------------------------- > >Do you Yahoo!? > >SBC Yahoo! DSL - Now only $29.95 per month! > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------- > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
