Thanks for your help . I'm new to TOMCAT , so I may have some confusion.
I thought it's the way that TOMCAT does. We have to use REALM to authenticate as we
define this in web.xml :
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyRealm</realm-name>
</login-config>
It will pop up a log in box, and Realm's authentication method will does the
authentication. After the Login , it 'll call the Servlet's service(). In the
Realm class, which extends org.apache.catalina.realm.RealmBase, there is no access to
HttpRequest, Response, or Session at this point . How do I store a data member of the
Realm class some where (?) so that my servlet can access to it ? Or is it something
that should never be done ? What'd be an alternative solution ? I don't think Filter
serves the goal that I describe above, am I correct ?
Thank you very much. - Chinh
Bill Barker <[EMAIL PROTECTED]> wrote:
I agree with Jean-Francois that the design is less than perfect ;-). You
should probably re-think it. However, I'm willing to give you more than
enough rope to hang yourself ;-).
1) If your custom Realm is configured under a , then simply
have if save an instance of itself into the Session.
2) If not, or otherwise, have it set a request-attribute with itself as the
value.
"Dinh, Chinh" wrote in message
news:[EMAIL PROTECTED]
> Thanks for the response. My situation is like this:
> - I created my own Realm for webDAV access. When I launch
http://localhost:8080/webdav, it will first call myREalm's authentication().
Within authentication(), I calls some existing authentication class, which
returns a USER object (basically, has some application specific user
properties).
> - After the authentication is successful (from a Log-in Dialog box, for
example), it will get to my servlet (in this case, a webDAVservlet). In this
webDavServlet, I would like to get the USER object that I stored as a data
member in my Realm class.
> - That is the reason I want to be able to get the realm object from the
servlet. Any advise ? Thanks . - Chinh
> Jean-Francois Arcand wrote:
>
>
> Dinh, Chinh wrote:
>
> >I have a tomcat question for you .
> >
> >
> >
> >In Tomcat's server.xml, we define a realm (only ONE)
> >
> >
> >
> >
> >
> >When tomcat starts, I think it will instantiate a realm object of this
type .
> >
> >
> >
> >I am trying to find a way to access this realm object in my servlet (the
servlet that starts after the realm's authentication
> >
> >succeeds).
> >
> >There's a method "getRealm()" from org.apache.catalina.core.ContainerBase
, but how would we get this ContainerBase ?
> >
> No. For security reason, a servlet should not have access to any Tomcat
> classes. If your app is able to have access to those methods, any
> malicious app can also have access and snif the information.
>
> Why do you want to have access to the realm?
>
> >
> >Does Tomcat have some kind of global object of this type ?
> >
>
> No...and in Tomcat 5,we have enforced the security protection mechanism
> so it is mostly impossible to invoke Tomcat internal classes (when the
> security manager is turned on)
>
> >
> >
> >
> >Thank you . Chinh
> >
>
> -- Jeanfrancois
>
> >
> >
> >
> >---------------------------------
> >Do you Yahoo!?
> >SBC Yahoo! DSL - Now only $29.95 per month!
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> ---------------------------------
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
