I on Tomcat 5.0.28 on Redhat Linux AS4. I have some doubts on creating (programming) a custom realm, and I could not find my answers after a google search.
Goal: I have a web-app which I have protected with an external authentication engine. To achieve this, I have written a custom valve which sets a principal. Code snippet in "invoke": // The username of the external system is same as username of tomcat. String user = GetIdentity(); // This returns the user. Works OK. GenericPrincipal principal = new GenericPrincipal(request.getContext().getRealm(), user,user); ((HttpRequest)request).setUserPrincipal(principal); Here, I do not get the roles of the user, so the principal object is been set without roles, and so, the authorization to the webapp is being denied (although authentication is passed). I thought of writing a custom Realm to get the Principal and the associated roles from tomcat, but I have difficulty/doubt in the custom realm. Code snippet of my trial is below, but if anyone can provide a better solution that would also be good. I tried to extend RealmBase and implement Realm class and override the getPrincipal, getPassword and getUser methods. I do not wish to do any authentication here, because the authentication is already done by the external system. Over here, I do not have any clue on how to get the principal from the request. I tried to search, but no help. public class CustomRealm extends RealmBase implements Realm { protected java.security.Principal getPrincipal(String userName) { GenericPrincipal principal.... } } Any hints would be welcome. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org