User Authentication

[Peter Beck <pe...@sbox.tu-graz.ac.at>]

Hi!

As far as I have seen, users and roles are read from the static file
"tomcat-users.xml".

We already have users and passwords in a database and we'd like to use
them for the homepage as well.

Is there a way to have a servlet or EJB perform user authentication?

regards, Peter

Re: User Authentication

[Costin Manolache <Co...@eng.sun.com>]

Peter Beck wrote:

> Hi!
>
> As far as I have seen, users and roles are read from the static file
> "tomcat-users.xml".
>
> We already have users and passwords in a database and we'd like to use
> them for the homepage as well.
>
> Is there a way to have a servlet or EJB perform user authentication?

Yes, take a look at SecurityCheck - you just need to create an
interceptor
( either by extending SC or using it as a template ).
We will extend this to support JAAS - i.e. any PAM or the native
windows auth ( in 3.2 probably ).

A better solution if you use Tomcat + Apache ( IIS, NES ) is to set
the web server to do the authentication. It's not so easy right now,
because you need to set everything manually, but you can have
the same auth for both web server and servlets.

A third solution is to use your own authentication scheme, and
then you can do it in your servlets.

Costin