Sent from my iPhone
On Jun 16, 2010, at 11:12 AM, David kerber <dcker...@verizon.net> wrote:
On 6/16/2010 10:58 AM, Marc Boorshtein wrote:
...
That being said, the sequence of events should be:
1. Web server authenticates the user (works)
2. Pass the context to Tomcat (works)
3. Tomcat calls the realm to retrieve the user information and set
the context (doesn't presently occur)
#3 appears to be the issue. Authentication and Authorization should
be separate steps entirely in order to satisfy the J2EE contract in
an enterprise environment (which often involves WAMs).
So it doesn't sound like there is a configuration way to handle this.
I think I'll try hacking around to see if I can solve this with some
kind of custom Realm.
Keep in mind that Tomcat is not a full j2ee server; it's a "servlet
container", so may not meet some of the requirements you have for
your app if they are part of higher-level j2ee specs.
D
Yes, however there are security methods in the servlet spec
(getPrincip, isUserInRole). Tomcat+mod_jk should satisfy these contracts.
Thanks
Marc