I'm currently doing something similar. I have authentication working as an Interceptor. I based it off of the BaseInterceptor class. I just re-wrote the authenticate() method. I suspect that I will need to rewrite part of the context manager's doAuthenticate() method, but I'm not sure whether or not I'll have to do that yet. Have you gotten any useful advice?
-Vijay
-----Original Message-----
From: Geoff Taylor [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: Custom authentication mechanism in Tomcat?
Hi,
I'd like to implement a custom authentication mechanism for Tomcat. How
should I go about it?
OK, so that's a huge question. I'll try and be a bit more specific: I'd
like to be able to authenticate users against a database. I'm not afraid of
writing the code to do all this, but I'd like to get it right instead of
heading off in the wrong direction. At the minute it works as a Filter, but
that doesn't allow you to use roles or security constraints.
So I suppose the question is how do I hook the user authentication code I
already have into the server so it's called to authenticate <login-config>s.
Or something.
Sorry if this has been asked before, or if the answer's in some obvious
place. I really have looked around, I just haven't been able to find
anything relevant.
So, any pointers/clues/hints out there?
Many thanks,
Geoff
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
