Thanks for the info Yoav; however, I've tried what you suggested, and everything I can think of myself, and no luck.
I don't know of anything in the declarative security that would help with this. Most of my apps use the standard for security, but there's one app that uses it's own login from a database. I created my own Realm that uses its table structure, thinking that in the login of this app, I could simply get a reference to the Realm, pass the credentials to it and bingo, I'm authenticated in both. I have tried: 1. Navigating the tomcat class hierarchy: problem is with class loaders. When I'm in the webapp and I do ServerFactory.getServer(), there are no services configured (ie ServerFactory.getServer().findServices() returns an empty array. 2. Placing my custom Realm in the common/lib, so it would be available to all classes. Then the catalina classes (which I extend, particularly JdbcRealm) aren't visible causing ClassNotFoundExceptions on startup. There's no way to break out of these dependencies that I can see. 3. Binding the Realm into JNDI from within the Realm constructor. Doesn't seem to work, getting javax.naming.NameNotFoundException: Name java:comp is not bound in this Context. Because the Realm is created first off, I don't think the JNDI contexts are set up. Is there some way I could do it through the MBeans maybe? Any other ideas, or even explanations of why I'm bone-headed are appreciated! :) Thanks in advance, Tim Sawlor -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Tuesday, 7, December, 2004 11:51 AM To: Tomcat Users List Subject: RE: Possible to Authenticate from Servlet/Webapp Code? Hi, The Spec-mandated, and therefore portable, approach is via the web.xml declarative security. The Tomcat-specific way would mean you navigate down the container hierarchy, starting with ServerFactory.getServer, down to Service, Engine, Host, to find your Realm object. You could probably do this once on your app startup, e.g. in a listener or filter init. Yoav Shapira http://www.yoavshapira.com >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Tuesday, December 07, 2004 10:45 AM >To: [EMAIL PROTECTED] >Subject: Possible to Authenticate from Servlet/Webapp Code? > >Question: >--------- >Is there a way to authenticate a user to the container (including SSO) from >within a servlet? Something like: > >protected void service(HttpServletRequest req, HttpServletResponse resp) { > Realm tomcatRealm = //how to get the realm??? > tomcatRealm.authenticate("dauser", "dauserspassword"); > ... >} > >Other Info: >----------- >I know how to configure the custom login pages, etc., but I need a way to >authenticate in two places at once, due to a legacy application. > >It seems like this should be easy to do, so I expect I'm missing something >obvious, but I simply can't figure out how to do it. I've been searching >for >a while... > >While standards-based would be better, a Tomcat-specific way would be fine >as well. > >-- >Tim Sawlor > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]