Hi, I'm still not satisfied with the options so far and I'm sure I do not fully understand it:
Although the valve works in that I can set the principal on the catalina request, realm.authenticate("username","credentials") within the valve is not actually passing anything to my JAAS login module although the login module is being used. Therefore, I can not currently authenticate the user within the JAAS module correctly as there appears to be no data passed from the valve. Also, if I use the valve then what is the point of the servlet using LoginContext.login()? If I choose not to use a valve then I appear to not have any access to the request object within JAAS. Even if I use org.apache.catalina.realm.JAASCallbackHandler, I do not get access to the request. So how are you able to add the principal to the request like you can do with the valve? SecurityFilter not an option as it does not support SSO. Thanks for the comments so far. > > Using a Valve will give you access to the the internal > model of the > request, so you can set Principals etc. > > I had the impression that a full JAAS implementation gave > you access to > the request and enabled the use of a Realm, but maybe it > isn't what you > need. > > The SecurityFilter project might be worth a look, before > you commit to > rolling your own. > > > p --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org