I have a custom realm that is quite complex and uses a variety of third party libraries, including Spring. In Tomcat 5.5, I placed the Realm and all of the JARs it depended upon in the server/lib directory. This kept these classes in the Catalina class loader, which was not visible to any web applications. This was the perfect solution since I do not want to automatically include all of these JARs in the classloading hierarchy of my web applications.
Now I am trying to migrate to Tomcat 7, and having a hard time figuring out a way to create the same configuration. I see that there is no longer a Catalina classloader or any classloader that won't be visible to the web applications. Is that accurate or is there some way to isolate certain JAR files and prevent them from being visible to my web applications? Also, I'm thinking that another option could be to have a separate web application for authentication. Would I be able to do this and still integrate with the Realm concept in Tomcat? As a side note, I'm working in a portal environment so I use the SSO valve and basically want a single point of authentication for all web applications (i.e. portlets) deployed in the servlet container. Thanks, Steve