Hello, I am implementing user authentication and authorization on an SSL-secured Web server running Tomcat 4.1 on Debian Linux, using the JAAS interfaces; in addition, am using the vanilla tomcat org.apache.catalina.realm.JAASRealm class. My question is, how would I get the user's session going from my LoginModule in order to get his certificate from the session? By way of more background, I need to authenticate the user based on his common name in the certificate, in an LDAP lookup. thanks in advance!
