I've been looking into Catalina's source to try to understand what happens when a user is authenticated via the j_security_check. As far as I can see, there is a FormAuthenticator that extends AuthenticatorBase that calls .getRealm() then .authenticate(...) on that realm.
From here the realm (JDBCRealm in my case) gets a list of roles for this user, creates a GenericPrincipal, then returns this principal, encapsulating the username / password / roles list. From here I can see that the authenticator stores this principal in the org.apache.catalina.Session implementation as a note (setNote(...)). I'm not sure though how Catalina stores this principal to use in calls like request.isUserInRole("foo") etc.

Is there any way I can create a servlet to authenticate a user and simulate this process, i.e. create a GenericPrincipal and store it somewhere? Also, is there any way I can obtain the current realm to authenticate and return a GenericPrincipal?

I've implemented a JAAS LoginModule, callback handler, principals etc. and have my webapp authenticating and returning a Subject, but I'm at a loss to know what to do with this subject so that Catalina can make sense of it.

Finally, is there a good doc that explains JAAS integration with Tomcat / Catalina?

Any help would be really appreciated!

Cheers,
Ben