RE: Help: Tomcat JAAS Authentication Help (How does j_security_check work?)
If anyone has any insights; could you CC me in the reply. It seems I am having problems receiving the mails from tomcat-user. Cheers, Ben -Original Message- From: HILL, Ben -Syntegra UK Sent: 18 May 2004 12:17 To: [EMAIL PROTECTED] Subject: Help: Tomcat JAAS Authentication Help (How does j_security_check work?) I'm trying to implement a servlet filter that intercepts requests to a servlet and if the user is not authenticated, run the supplied username and password through a JAAS authentication cycle. I would like to know how this process is done using the j_security_check as I'd like to implement the same functionality. I wish to be able to JAAS authenticate when the filter intercepts the request so that after the authentication I can call request.isUserInRole(), request.getUserPrincipal(), request.getRemoteUser() etc. After looking at the API docs at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/ api/index.html I have found the org.apache.catalina.realm.JAASCallbackHandler and suspected that if I can find the realm, (set up as a JDBC realm in the server.xml), and then pass in the username and password to this callback handler - I can run the .login() method somehow. Any help would be appreciated, if you know of any howtos or docs, that would be great! Cheers, Ben This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.btsyntegra.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.btsyntegra.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help: Tomcat JAAS Authentication Help (How does j_security_check work?)
I'm trying to implement a servlet filter that intercepts requests to a servlet and if the user is not authenticated, run the supplied username and password through a JAAS authentication cycle. I would like to know how this process is done using the j_security_check as I'd like to implement the same functionality. I wish to be able to JAAS authenticate when the filter intercepts the request so that after the authentication I can call request.isUserInRole(), request.getUserPrincipal(), request.getRemoteUser() etc. After looking at the API docs at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/index.html I have found the org.apache.catalina.realm.JAASCallbackHandler and suspected that if I can find the realm, (set up as a JDBC realm in the server.xml), and then pass in the username and password to this callback handler - I can run the .login() method somehow. Any help would be appreciated, if you know of any howtos or docs, that would be great! Cheers, Ben This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.btsyntegra.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authentication help
Hi, I was wondering if someone could help me with authentication. I have set up my tomcat-user.xml file and in my web.xml in my $TOMCAT_HOME/conf directory I have security-constraint web-resource-collection web-resource-nameProtected/web-resource-name url-pattern/ROOT/url-pattern url-pattern/ROOT/jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nametest/role-name /auth-constraint /security-constraint login-config auth-method BASIC /auth-method realm-name Default /realm-name /login-config security-role role-nametest/role-name /security-role Am I missing something here or do I need to have it in each web.xml file in each of my application directories. Currently I am getting no login window at all? Thanks in advance for your help!! Mike
