You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jerome Jacobsen <je...@gentootech.com> on 2001/05/01 15:52:15 UTC

Tomcat and J2EE security

I'm new to J2EE security, both servlet and EJB.  From what little reading
I've done it sounds like declarative security should be seamless between the
servlet container and the EJB container (and that no programming should be
necessary for declarative security).  Here's an excerpt from a recent
article from the Java Developer's Journal:

    "... the credentials provided to the web server are
     propagated to the EJB, providing seamless integration ..."

Is this possible with Tomcat?  If so, with which realms?  I'm assuming that
the JAASRealm should allow for single signon.  I'm not sure how credentials
get automatically "propagated to the EJB" without requiring the developer to
code this.

Also, which Realms can be integrated with Tomcat 3.2?

-Jerome