Hi Antony,
Normally 3.2 is frozen, and only bug fixes should go in.
But the good news is that for what you want, only a simple add-on module
is needed ( and if it's available before 3.2 is final, we can probably
include it in package - if not it'll be a separate download ).
It should be reasonably easy - all you need to do is implement a module,
with setters for all properties that you need for configuration, using the
Simple or JDBC authenticators as a template.
In 3.2 you'll need to implement authorize() and authenticate() hooks.
Tomcat 3.x doesn't care how the authentication is done - it just calls the
authentication chain and if a module returns OK and sets the roles then
everything is ok. ( same model as in Apache/IIS/NES )
In 3.3 the auth code has been cleaned and reorganized, but it works in the
same way.
Please let me know if you need any help ( Nacho is probably a better
source :-), it would be a great contribution.
Costin
On Wed, 14 Mar 2001, Antony Bowesman wrote:
> Hi,
>
> I am trying to find out if it is possible to plug ones own proprietary
> user realm into Tomcat 3.2. I have JAAS login modules that authenticate
> against this user realm and populate the JAAS Subject with principals
> (user names, groups, roles). However, I need to get this JAAS created
> security context into the Web container's security context, so that, for
> example, IsUserInRole() can be used to determine Roles from the original
> user realm and any calls to EJB container will get the security context.
>
> Rgds
> Antony
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
