Arun wrote: > On 10/5/07, Pid <[EMAIL PROTECTED]> wrote: >> Arun wrote: >>> I have a tomcat 6 installed. I have a running webapplication . I need to >>> implement a role based access control. How can I combine servers >>> capabilities >>> so that I can use the request.getPrincipal() method ... I also have a list >>> of roles and groups and who all are assigned what all roles/groups in db. >>> Now its time to implement an access control mechanism. I do not want Basic >>> authentication with a popup. I will be logging in by a normal html sign in >>> form, with a username and password field. Once that is done everything >>> should be the J2EE way. The roles for that user should get added to the >>> request and I can use it for authorization. >>> >> Form based authentication, part of the servlet spec, is what you are >> referring to. Google is your friend. >> >> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html > > That is tied down to a server. I have my own db scheme as well as different > servers to deploy. I cannot use tomcat specific Realm class. Are there any > other solutions? any links ?
Well, that is J2EE for you; things are standard for the application (code, deployment - to some extent), but implementation specific for the container configuration. So, if you're planning to support an application for multiple servers, you're bound to see various ways to configure things - but your application code will be the same for each container. What that page describes is how to configure Tomcat to provide you with the infrastructure needed for (form-based) login. How to configure some other container will be documented in the proper documentation for that other container. As for having your own database schema, you may need to prepare to have slightly different schemas for different containers. The other solution would be to provide either JAAS plugins or full realm implementations for all the containers you plan to support. For Tomcat, apparently the JAAS plugin would be the way to go. -- ..Juha --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
