Hi Jay,

I believe that I already know the answer to this.  But, if possible,
it would be nice to have some confirmation.

I have an application that uses JAASRealm for authentication.  Within
my LoginModule class, is it possible to determine which resource the
user is currently trying to access?

My current interpretation of the documentation is that the
authentication module simply knows who you are and what your
credential (password) is.  Upon successful authentication, the module
returns with success/fail and the roles associated with that user.
It's then up to the application itself to determine if the user's role
has access to the requested resource.  (this is usually declaratively
stated, either through the web.xml configuration, or the struts
configuration).

The only way I know to read any user information in the JAASRealm is to intercept the user request. Unfortunately there is only one location where you can do this without changing any classes in the catalina.jar. Look at the RealmBase class. There is a method called 'SecurityConstraint'. This method has a request parameter that you can intercept with 'this.request = request'. Now you are able to get all user information and determine which resource the user is currently trying to access.
Pass the parameter to the upper class like this:

return super.findSecurityConstraints(request, context);

Rewrite the JAASRealm, call it what you want, save it with all the other classes you need (login.class ....) and put the jar file under <tomcat>/server/lib.
Change your entry in your server.xml:

Realm className      = "<your JAAS class name>"

Restart Tomcat.

-- Franck
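
A sketch of the override described in the reply above, added here as an example; it is not code from the original message or from Tomcat. It assumes the Tomcat 5.5-style signature findSecurityConstraints(Request, Context), and the names ResourceAwareJAASRealm, RequestedResource and current() are hypothetical. It keeps the captured value per thread rather than in an instance field, because one Realm instance is shared by all request threads.

```java
// Added example. Assumes Tomcat 5.5-style APIs; class names are hypothetical.
package example.realm;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.JAASRealm;

public class ResourceAwareJAASRealm extends JAASRealm {

    /** Immutable snapshot of what the current thread's request asks for. */
    public static final class RequestedResource {
        public final String method;
        public final String uri;

        RequestedResource(String method, String uri) {
            this.method = method;
            this.uri = uri;
        }
    }

    // A plain field (this.request = request) would be overwritten by
    // concurrent requests, so the snapshot is stored per thread instead.
    private static final ThreadLocal<RequestedResource> CURRENT =
            new ThreadLocal<RequestedResource>();

    @Override
    public SecurityConstraint[] findSecurityConstraints(Request request,
                                                        Context context) {
        // Copy only the strings needed; the container recycles Request
        // objects, so the Request itself is not retained.
        CURRENT.set(new RequestedResource(request.getMethod(),
                                          request.getRequestURI()));
        return super.findSecurityConstraints(request, context);
    }

    /** For the LoginModule; returns null if no request was seen on this thread. */
    public static RequestedResource current() {
        return CURRENT.get();
    }
}

// In the LoginModule (packaged in the same jar), inside login():
//   ResourceAwareJAASRealm.RequestedResource r = ResourceAwareJAASRealm.current();
//   if (r != null) { /* r.uri is the URI of the request being authenticated */ }
```

With FORM authentication the credentials arrive on the j_security_check request, so the URI seen at login time is that one rather than the originally requested resource; with BASIC authentication it is the protected resource itself.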

