I'm having problems using the Tomcat 4 security design for a slightly customised requirement. I've created a custom realm for an external information provider which, when I authenticate a user, gives me a token (in the form of an essentially opaque object). This token needs to be passed back to the external provider when accessing data protected by that realm/external provider. I also need to enable single sign-on for a whole virtual host.

I've got almost everything working correctly - my custom realm authenticates correctly, and SSO with it works. However, I can't do anything useful with the external information provider, since the current design provides no way to put the token object from the realm into a request, where it could be accessed by a servlet, JSP etc. This is because the realm has no access to the request - you need an authenticator for that.

I tried subclassing FormAuthenticator, but it's of no use - an authenticator has to be placed into a context, and can't be placed into a host! So to achieve SSO, I have to add the authenticator as a valve into every Context. I'd rather not do this unless it's unavoidable - and anyway, what would be the way of getting the token out of the realm into the authenticator?

Can anyone suggest a clean alternative way of getting things to work in the scenario I've described? Also, why is it necessary to have getPassword(String username) and getPrincipal(String username) in every Realm, especially as they all return null except for the versions in MemoryRealm?

The idea of orthogonal realm and authenticator is nice in theory, but it seems that what I need is something like an Authenticator and Realm rolled into one. I'd appreciate any comments from those of you with experience in this area. (This is my first post to the list, so please be patient if I have missed something simple. I have searched the mailing-list archive for similar problems and found no joy.)

Thanks,

Vinay Sajip