RE: [jBoss-Dev] Tomcat Security and JNDI Integration

Mon, 16 Oct 2000 09:55:29 -0700 


> Hi Kevin,
> 
> I'm glad to hear about your work on the integration of Tomcat with 
> jBoss. I can't wait to see it.

Yeah.  I'd like to get it integrated soon to get some feedback on it.

> It's an interesting question, where the jBoss-Tomcat stuff should 
> go. If we put it in the normal hierarchy, we'll need to have all the 
> Tomcmat stuff available during the build. Just to get a discussion 
> going, let me suggest a three-part approach. What do you think 
> about:
> 
> 1. Putting things that depend on both jBoss and Tomcat in a new 
> "tomcat integration" project, or if the code is too compact to merit 
> this treatment, putting it in the "contrib" directory

Interesting.  I would assume that at some point, jBoss will be a J2EE
system with Tomcat as the web container.  I don't like the idea of
contrib, since I think the Tomcat integration (and perhaps distribution)
should eventually be part of the core jBoss distribution.

> 2. Including instructions for configuring an ant build to use jBoss 
> and Tomcat libraries

Definitely.  This shouldn't be too difficult.  We use ant for our build,
currently.

> 3. Including binary versions of interceptors in the zipped 
> distribution, with a "readme" for their use

That's fine with me.

> I'm not sure about the APL / GPL licensing problems. But I'm sure 
> plenty of other people will be. :-)

Yeah; there seems to be lots of enthusiasm for "understanding" that
issue.

> (By the way, my "security integration" with Tomcat was basically 
> one import and two lines of code added to an existing file as an 
> example. I probably should have just put a diff on the list, 
> but I was 
> afraid that people might be using different versions of the file. Did 
> you just set the principal and credential in SecurityAssociation?)

Right.  This is pretty much it:

public class JbossRealm  extends  BaseInterceptor {
        public int authenticate( Request req, Response response ){
                Hashtable cred=new Hashtable();
                SecurityTools.credentials( req, cred );
                String user=(String)cred.get("username");
                SecurityAssociation.setPrincipal( new SimplePrincipal(
user ) );
                return 0;
        }
}

Reply via email to