Hi,
I'm still not satisfied with the options so far and I'm sure I do not fully
understand it:
Although the valve works in that I can set the principal on the catalina
request, realm.authenticate("username","credentials") within the valve is not
actually passing anything to my JAAS login module although the login module is
being used. Therefore, I can not currently authenticate the user within the
JAAS module correctly as there appears to be no data passed from the valve.
Also, if I use the valve then what is the point of the servlet using
LoginContext.login()?
If I choose not to use a valve then I appear to not have any access to the
request object within JAAS.
Even if I use org.apache.catalina.realm.JAASCallbackHandler, I do not get
access to the request. So how are you able to add the principal to the request
like you can do with the valve?
SecurityFilter not an option as it does not support SSO.
Thanks for the comments so far.
>
> Using a Valve will give you access to the the internal
> model of the
> request, so you can set Principals etc.
>
> I had the impression that a full JAAS implementation gave
> you access to
> the request and enabled the use of a Realm, but maybe it
> isn't what you
> need.
>
> The SecurityFilter project might be worth a look, before
> you commit to
> rolling your own.
>
>
> p
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
