You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Eric Chow <ec...@macaucabletv.com> on 2003/05/30 03:51:16 UTC
JAAS LoginModule ?
Hello,
In Tomcat, we can use container based authorization.
Those username/password information can be place in a XML files or use
DBRealm, right ?
How can I implement a login module, so that the Web Container will called my
module instead of the default login module.
For example, the following is my login.jsp.
<form action="j_security_check" method="post" name="fm">
<input name="j_username">
<input name="j_password">
<input type="submit" value="Login">
</form>
When the above submit, it will pass to my LoginModule, how can I implement
that part?
Best regards,
Eric
==========================
If you know what you are doing,
it is not called RESEARCH!
==========================
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: JAAS LoginModule ?
Posted by Bill Barker <wb...@wilshire.com>.
Nope. Realms and Authenticators are Tomcat-specific. There are reports on
this list of people using Filters to do much the same thing (i.e. search the
archives).
"Eric Chow" <ec...@macaucabletv.com> wrote in message
news:000501c3265d$f1be4b20$5c64a8c0@mctv...
> How can I do if I want to implmenet an Authenicator that can use in any
> other application servers.(JBoss, WebLogic, etc) ?
>
> Eric
>
>
>
> ----- Original Message -----
> From: "Bill Barker" <wb...@wilshire.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, May 30, 2003 11:50 AM
> Subject: Re: JAAS LoginModule ?
>
>
> > It really depends on what you need to do. For the simplest case, you
> > implement your own Realm (public class MyRealm implements
> > org.apache.cataliana.Realm), and configure it in server.xml like
anyother
> > Realm. In TC 4.x, Realms don't have access to the Request/Response:
They
> > just get the login credentials, and are expected to validate them (or
not
> > :).
> >
> > If you need more control on authentication, then you need to implement a
> > custom Authenticator (public class MyAuthenticator implements
> > Valve,Authenticator). This class gets full control over authenticating
a
> > Request, and can access anything in the Request/Response. You configure
> it
> > via:
> > <Context path="/myapp" docbase="webapps/myapp">
> > <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
> > </Context>
> >
> > Neither of these (but especially the second) plays well with the admin
> > webapp.
> >
> > "Eric Chow" <ec...@macaucabletv.com> wrote in message
> > news:001c01c3264d$f8528240$5c64a8c0@mctv...
> > > Hello,
> > >
> > > In Tomcat, we can use container based authorization.
> > >
> > > Those username/password information can be place in a XML files or use
> > > DBRealm, right ?
> > >
> > >
> > > How can I implement a login module, so that the Web Container will
> called
> > my
> > > module instead of the default login module.
> > >
> > > For example, the following is my login.jsp.
> > >
> > > <form action="j_security_check" method="post" name="fm">
> > > <input name="j_username">
> > > <input name="j_password">
> > > <input type="submit" value="Login">
> > > </form>
> > >
> > > When the above submit, it will pass to my LoginModule, how can I
> implement
> > > that part?
> > >
> > > Best regards,
> > > Eric
> > >
> > > ==========================
> > > If you know what you are doing,
> > > it is not called RESEARCH!
> > > ==========================
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: JAAS LoginModule ?
Posted by Eric Chow <ec...@macaucabletv.com>.
How can I do if I want to implmenet an Authenicator that can use in any
other application servers.(JBoss, WebLogic, etc) ?
Eric
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Friday, May 30, 2003 11:50 AM
Subject: Re: JAAS LoginModule ?
> It really depends on what you need to do. For the simplest case, you
> implement your own Realm (public class MyRealm implements
> org.apache.cataliana.Realm), and configure it in server.xml like anyother
> Realm. In TC 4.x, Realms don't have access to the Request/Response: They
> just get the login credentials, and are expected to validate them (or not
> :).
>
> If you need more control on authentication, then you need to implement a
> custom Authenticator (public class MyAuthenticator implements
> Valve,Authenticator). This class gets full control over authenticating a
> Request, and can access anything in the Request/Response. You configure
it
> via:
> <Context path="/myapp" docbase="webapps/myapp">
> <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
> </Context>
>
> Neither of these (but especially the second) plays well with the admin
> webapp.
>
> "Eric Chow" <ec...@macaucabletv.com> wrote in message
> news:001c01c3264d$f8528240$5c64a8c0@mctv...
> > Hello,
> >
> > In Tomcat, we can use container based authorization.
> >
> > Those username/password information can be place in a XML files or use
> > DBRealm, right ?
> >
> >
> > How can I implement a login module, so that the Web Container will
called
> my
> > module instead of the default login module.
> >
> > For example, the following is my login.jsp.
> >
> > <form action="j_security_check" method="post" name="fm">
> > <input name="j_username">
> > <input name="j_password">
> > <input type="submit" value="Login">
> > </form>
> >
> > When the above submit, it will pass to my LoginModule, how can I
implement
> > that part?
> >
> > Best regards,
> > Eric
> >
> > ==========================
> > If you know what you are doing,
> > it is not called RESEARCH!
> > ==========================
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: JAAS LoginModule ?
Posted by Bill Barker <wb...@wilshire.com>.
It really depends on what you need to do. For the simplest case, you
implement your own Realm (public class MyRealm implements
org.apache.cataliana.Realm), and configure it in server.xml like anyother
Realm. In TC 4.x, Realms don't have access to the Request/Response: They
just get the login credentials, and are expected to validate them (or not
:).
If you need more control on authentication, then you need to implement a
custom Authenticator (public class MyAuthenticator implements
Valve,Authenticator). This class gets full control over authenticating a
Request, and can access anything in the Request/Response. You configure it
via:
<Context path="/myapp" docbase="webapps/myapp">
<Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
</Context>
Neither of these (but especially the second) plays well with the admin
webapp.
"Eric Chow" <ec...@macaucabletv.com> wrote in message
news:001c01c3264d$f8528240$5c64a8c0@mctv...
> Hello,
>
> In Tomcat, we can use container based authorization.
>
> Those username/password information can be place in a XML files or use
> DBRealm, right ?
>
>
> How can I implement a login module, so that the Web Container will called
my
> module instead of the default login module.
>
> For example, the following is my login.jsp.
>
> <form action="j_security_check" method="post" name="fm">
> <input name="j_username">
> <input name="j_password">
> <input type="submit" value="Login">
> </form>
>
> When the above submit, it will pass to my LoginModule, how can I implement
> that part?
>
> Best regards,
> Eric
>
> ==========================
> If you know what you are doing,
> it is not called RESEARCH!
> ==========================
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org