Hello Poornachandran, as i said webapp X manage authentification all by itself (basically using it's own providers, so there is now security constraint and so on in the web.xml, webapp does not use container managed security, and i have no control over this, closed source webapp), but it provides an extension mecanism (implement a given interface). I'd like to implement a simple class that just do something like tomcatContainer.checkCredentials(user,userprovidedpass), which will check those credentials against configured realm. Or, if i have no other choice, will instanciate the realm, configure it and use it. (I just hope don't need to do that, this sound awfull).
So, obviously, in webapp, a request.getUserPrincipal() will always return null. Poornachandran a écrit : > Hi David, > > I am just wondering after your app authenticates, are you able to get > not-null from request.getUserPrincipal(). I understand this is how the > container understands that user is logged on or not. > > Poorna > > David Delbecq wrote: > >> Hello, >> >> I probably will have the following webapp structure to configure >> - webapp X manage authentification all by itself (using forms and so on) >> but provide a way to configure your own credential using a quite basic >> checkPassword(user,pass) interface. >> - Tomcat is able to authenticate all my users for now (connecting to a >> ldap-like JNDI structure) >> >> Is there a way from the webapp to call tomcat api and have it check a >> user/password according to configured realm? >> >> Thanks. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
