Hi,
 
I'm trying to implement a solution to log in users to one of our web
apps which runs on Tomcat via cookies to which I've had several false
starts and I'd like to ask some advice on the best way of implementing
this securely. 
 
What I'm trying to achieve is when the user logs in on the main site and
clicks the link to the Java calendar, the link will read the cookie
(extracting the user name/password and converting into hex to send back
to the main config files to check if it's valid whilst also checking that
they are a member of our service) and then grant access to the
application on success.

I was looking at the JAAS realm since the user information is kept in
what is essentially a flat file db and trying to write a LoginModule
which replicates the existing Perl scripts' actions for checking
username/password and membership. AFAIUI, I'd need to write a servlet to
process the cookie before hitting the JAAS realm though. Have I
understood this correctly or can I get the LoginModule to do the
processing (which appears to be implied in the Tomcat manual on Realms)?

Ultimately I will need to be able to log users in via http, https and
the Shibboleth Single Sign On (for which I know there is a JAAS realm).
As I understand it, as long as I have a config which lists all the
various login methods, I should be able to stack these onto one Tomcat,
or have I also misunderstood this? 

Many thanks in advance. 

Iain
 
Iain Emsley
 
Support Analyst
JISCmail: www.jiscmail.ac.uk
Mailtalk: www.mailtalk.ac.uk
 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org