https://issues.apache.org/bugzilla/show_bug.cgi?id=45283


Dr. Albrecht Weinert <[EMAIL PROTECTED]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[EMAIL PROTECTED]




--- Comment #4 from Dr. Albrecht Weinert <[EMAIL PROTECTED]>  2008-06-27 00:38:09 PST ---
It seems that two things are discussed here in one place:

 1  multiple authenticators  (this is no comment to hereto) 
 2  realm chaining

2 is often quite necessary and not (yet?) done in Tomcat.

Configurable realm chaining would be the real answer to
"What would be possible would be a realm that uses one method by default and
falls back to a second if the first fails."

Writing such a realm is a workaround, as e.g. de.a_weinert.realm.ADweRealm (l)
falls in this category.
It authenticates against an Active Directory using all direct and (multilevel)
indirect groups as roles. If the user is not in the AD (company member) it will
fall back to a simple LDAP/JNDI (for e.g. guest members).

Of course, in lieu of making ADweRealm fall back to a supplementary LDAP it
would be much better to have it chained (by Tomcat config) to any next
realm.

URLs (javadoc, source, background):
http://www.a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.htm
http://www.a-weinert.de/java/docs/aWeinertBib/de/a_weinert/doc-files/ADweRealm.java
http://www.a-weinert.de/weinert/pub/tomcat-win-ad.pdf (German)
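
The fallback behaviour described in the comment above, sketched as an added example; it is not code from ADweRealm or from Tomcat. `SimpleRealm`, `MapRealm` and `ChainedRealm` are hypothetical names, the accounts are constructed, and the example assumes that "fails" means "user unknown to that realm", as in the AD-then-LDAP description.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class RealmChainDemo {
    enum Status { AUTHENTICATED, UNKNOWN_USER, BAD_CREDENTIALS }
    record Result(Status status, Set<String> roles) {}

    // Hypothetical minimal interface for this example, not Tomcat's Realm API.
    interface SimpleRealm { Result authenticate(String user, String password); }

    // In-memory stand-in for a directory such as AD or LDAP (constructed data).
    record MapRealm(Map<String, String> passwords, Map<String, Set<String>> roles)
            implements SimpleRealm {
        public Result authenticate(String user, String password) {
            String stored = passwords.get(user);
            if (stored == null) return new Result(Status.UNKNOWN_USER, Set.of());
            boolean ok = MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                               password.getBytes(StandardCharsets.UTF_8));
            return ok ? new Result(Status.AUTHENTICATED, roles.getOrDefault(user, Set.of()))
                      : new Result(Status.BAD_CREDENTIALS, Set.of());
        }
    }

    // Tries each realm in configured order; roles come from the realm that authenticated.
    record ChainedRealm(List<SimpleRealm> chain) implements SimpleRealm {
        public Result authenticate(String user, String password) {
            for (SimpleRealm realm : chain) {
                Result r = realm.authenticate(user, password);
                // Only "user not known here" falls through. A wrong password for a
                // known user ends the chain, so a later realm cannot accept an
                // account whose name shadows one in an earlier realm.
                if (r.status() != Status.UNKNOWN_USER) return r;
            }
            return new Result(Status.UNKNOWN_USER, Set.of());
        }
    }

    public static void main(String[] args) {
        SimpleRealm ad = new MapRealm(Map.of("alice", "ad-secret"),
                                      Map.of("alice", Set.of("staff", "dev")));
        SimpleRealm guests = new MapRealm(Map.of("bob", "guest-pw", "alice", "weak"),
                                          Map.of("bob", Set.of("guest"), "alice", Set.of("guest")));
        SimpleRealm chain = new ChainedRealm(List.of(ad, guests));
        System.out.println(chain.authenticate("alice", "ad-secret")); // first realm decides
        System.out.println(chain.authenticate("bob", "guest-pw"));    // falls back to second realm
        System.out.println(chain.authenticate("alice", "weak"));      // shadowing account is not reached
        System.out.println(chain.authenticate("carol", "x"));         // unknown to every realm
    }
}
```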

