You are viewing a plain text version of this content. The canonical link for it is here.

Posted to general@jakarta.apache.org by Brill Pappin <br...@jmonkey.com> on 1999/11/15 00:22:00 UTC

Security Implementation

Hi all,
A little while ago, there was a need for someone to take on the Security
module for Tomcat...
has that torch been taken up yet?

- Brill Pappin
  www.jmonkey.com

Re: Security Implementation

Posted by "Craig R. McClanahan" <cm...@mytownnet.com>.

Brill Pappin wrote:

> Hi all,
> A little while ago, there was a need for someone to take on the Security
> module for Tomcat...
> has that torch been taken up yet?

That proposal was mine.

The current state of the work is in two new packages that are not yet
integrated with the core:

    org.apache.tomcat.security
    org.apache.tomcat.security.file

with the basic idea that the existing RealmSecurityConnector interface will
be replaced by a ServiceInterceptor implementation (called
SecurityInterceptor) to enforce the security restrictions, and a pluggable
RealmConnector interface that lets you attach the security architecture to
any of a variety of security technologies (like a JNDI-accessed directory
servier, a JDBC-accessed database, or something custom to your own legacy
environment).

The current code has a lot of "XXX" comments where things need to be
fleshed out, but you can see the direction I've been heading.

Craig McClanahan