John Chen wrote:
Hi,
We have installed a third-party software running on tomcat. Is there
anyway to decouple tomcat authentication and authorization? We have to
use AD for authentication and we are not encouraged to add groups to AD
just for the new software.
Any help would be appreciated.
Since you said any, here is mine :
I think you want to look at the following 2 things :
1) search Google for "tomcat +securityfilter"
2) http://www.ioplex.com, look at Jespa
As I understand it,
- Jespa will allow you to authenticate users based on their Windows
Domain login
- securityfilter should then allow you to allow access or not, based on
that prior authentication
(and, basically, you do not use Tomcat realm-based AAA)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
