You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by delbd <de...@oma.be> on 2005/06/06 11:36:11 UTC
Realm implemenation, passing additionnal informations to webapplication
Hello,
I had to write my own realm implementation to authenticate users.
Now am faced with a problem, this realm contains additionnal datas on the
user, like email, fullname, office telephone number.
I'd like to pass this informations to the webapplication, however am not sure
how to do this. I thought to create a decorator class around a Principal to
store this information and do a typecasting in webapp to access additionnal
informations.
But the realm implementation is stored in server/lib/myrealm.jar and am not
sure classes in server/lib/*.jar are visible to the webapplication.
Any recommendation?
--
David Delbecq
Royal Meteorological Institute of Belgium
-
Is there life after /sbin/halt -p?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Realm implemenation, passing additionnal informations to webapplication
Posted by delbd <de...@oma.be>.
Does the realm have access to the session? Because informations i need in
webapp is taken from where the realms does it's authentification.
I my case, the realm access a NIS to check user passwoard, and informations
such as fullname, phone and email, are alos in this nis. I do not want the
webapp to also access directly the nis.
Le Lundi 6 Juin 2005 12:48, QM a écrit :
> On Mon, Jun 06, 2005 at 11:36:11AM +0200, delbd wrote:
> : I had to write my own realm implementation to authenticate users.
> : Now am faced with a problem, this realm contains additionnal datas on the
> : user, like email, fullname, office telephone number.
> : I'd like to pass this informations to the webapplication, however am not
> : sure how to do this.
>
> Let's take a step back: is the extra info used to authenticate the user?
> or is it used by the webapp itself, after the user has logged in?
>
> In the latter case, you can store a user-specific object in the session
> after the user logs in. Many people write a ServletFilter that checks
> for said object and, if it doesn't exist, creates/populates it.
>
> (Of course, the filter should only be mapped to protected areas; it is
> otherwise of limited value ;)
>
> -QM
--
David Delbecq
Royal Meteorological Institute of Belgium
-
Is there life after /sbin/halt -p?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Realm implemenation, passing additionnal informations to webapplication
Posted by QM <qm...@brandxdev.net>.
On Mon, Jun 06, 2005 at 11:36:11AM +0200, delbd wrote:
: I had to write my own realm implementation to authenticate users.
: Now am faced with a problem, this realm contains additionnal datas on the
: user, like email, fullname, office telephone number.
: I'd like to pass this informations to the webapplication, however am not sure
: how to do this.
Let's take a step back: is the extra info used to authenticate the user?
or is it used by the webapp itself, after the user has logged in?
In the latter case, you can store a user-specific object in the session
after the user logs in. Many people write a ServletFilter that checks
for said object and, if it doesn't exist, creates/populates it.
(Of course, the filter should only be mapped to protected areas; it is
otherwise of limited value ;)
-QM
--
software -- http://www.brandxdev.net/
tech news -- http://www.RoarNetworX.com/
code scan -- http://www.JxRef.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org