Okay, I see your point.
But, if a user requests a secure page without logging in, how will you
find out? Are you using a Servlet Filter or something?
Poorna
David Delbecq wrote:
Hello Poornachandran,
as i said webapp X manage authentification all by itself (basically
using it's own providers, so there is now security constraint and so on
in the web.xml, webapp does not use container managed security, and i
have no control over this, closed source webapp), but it provides an
extension mecanism (implement a given interface). I'd like to implement
a simple class that just do something like
tomcatContainer.checkCredentials(user,userprovidedpass), which will
check those credentials against configured realm. Or, if i have no other
choice, will instanciate the realm, configure it and use it. (I just
hope don't need to do that, this sound awfull).
So, obviously, in webapp, a request.getUserPrincipal() will always
return null.
Poornachandran a écrit :
Hi David,
I am just wondering after your app authenticates, are you able to get
not-null from request.getUserPrincipal(). I understand this is how the
container understands that user is logged on or not.
Poorna
David Delbecq wrote:
Hello,
I probably will have the following webapp structure to configure
- webapp X manage authentification all by itself (using forms and so on)
but provide a way to configure your own credential using a quite basic
checkPassword(user,pass) interface.
- Tomcat is able to authenticate all my users for now (connecting to a
ldap-like JNDI structure)
Is there a way from the webapp to call tomcat api and have it check a
user/password according to configured realm?
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]