You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Richard Yumul <rm...@polexis.com> on 2001/03/15 19:07:42 UTC

j_security_check form authentication controlled in WAR context?

Is there a way to define the authenticating class within the WAR context?  I
like the way SimpleRealm & JDBCRealm work, automatically protecting every
resource matching a regex.

However if I need a custom realm, I'd really prefer to have it be deployable
in the war (would work across servlet containers) & not have to customize
tomcat.  If not, how are other people getting around this, other than
putting a custom tag (or something) on every jsp page?

TIA,
Rich

Richard M. Yumul
Polexis, Inc.
Direct: 619-542-7209
Fax: 619-542-8675
http://www.polexis.com
transforming data into knowledge

Re: j_security_check form authentication controlled in WAR context?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Thu, 15 Mar 2001, Richard Yumul wrote:

> Is there a way to define the authenticating class within the WAR context?  I
> like the way SimpleRealm & JDBCRealm work, automatically protecting every
> resource matching a regex.
> 
> However if I need a custom realm, I'd really prefer to have it be deployable
> in the war (would work across servlet containers) & not have to customize
> tomcat.  If not, how are other people getting around this, other than
> putting a custom tag (or something) on every jsp page?
> 

There is no portable API in the servlet spec defining how a container
should talk to the authentication realm.  This was considered in the
process leading up to the 2.3 (proposed final draft) spec, but we didn't
have time to settle on a standardized interface :-(.

Thus, you are stuck having to conform to the APIs that each container
provides for this purpose (for example, in Tomcat you would build your own
Realm implementation).  However, your apps themselves would all be
portable.

> TIA,
> Rich
> 

Craig McClanahan