Form-based authentication

Sat, 20 Jun 2009 14:28:47 -0700 

Hello everybody,

If this is not the appropriate mailing list, please tell me which mailing list 
I should use.

I have writte a first jaas login module and it does authenticate users by 
logging into an imap server. If the credentials establish a connection and 
the inbox can be opened, the login is considered successful. 

This works so far.

But now I do not see how to connect the authentication module to a security 
constraint. I mean, do I have to add every user that has an imap account to 
web.xml? Not really!? (You will find my web.xml and context.xml at the end of 
this message)


Best Regards,

Oliver Block

<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/JavaMailLoginServlet">

    <Realm className="org.apache.catalina.realm.JAASRealm"
        appName="WebLogin"
        userClassNames="com.oliverblock.principal.JavaMailPrincipal"
        roleClassNames=""
        debug="99" />

    <Resource name="mail/Session" auth="Container"
            type="javax.mail.Session"
            mail.smtp.host="localhost" mail.imap.host="localhost"
            factory="org.apache.naming.factory.MailSessionFactory"
            />
</Context>


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>UserConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>User</web-resource-name>
            <description/>
            <url-pattern>/</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>User</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name/>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/loginError.html</form-error-page>
            </form-login-config>
        </login-config>
    <security-role>
        <description/>
        <role-name>User</role-name>
    </security-role>
    </web-app>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to