Posted to users@tomcat.apache.org by Mike Klein <mi...@sbcglobal.net> on 2006/05/26 08:00:32 UTC

Is custom realm using user/role data in webapp possible?

As opposed to having realm read from external source like ldap or jdbc...

My webapp JASM uses in-memory user/role database. I realize this isn't
"ideal"...but.

JASM uses simple form-like authentication hard-wired into jsp. I
couldn't use basic/form because user database is stored in serialized
data in webapp.

Well...now that I've got axis camera which can report via http...but it
attempts Basic authentication and JASM uses hard form.

I could have JASM read Basic auth header from camera...but I'd rather
have realm specific to webapp.

Problem is...realm classes assume OUTSIDE of webapp (jndi, jdbc,
etc.)...no way to tap into serialized data stored in webapp.

Does this sound correct?

Until I store user/role information for JASM in external db (which I
need to do anyways)...I guess I'm stuck just picking off Basic auth header.

Only disadvantage of not using tomcat realms is I cannot use
"isUserInRole"/etc. methods...but no big deal I guess.



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Is custom realm using user/role data in webapp possible?

Posted by Jon Wingfield <jo...@mkodo.com>.
You can do it. But there are a few quirks.

Your Realm classes have to be accessible to the server class loader. 
This means another layer of indirection is needed to keep all your 
webapp specific classes out of the common/server classloader.

What we did, where:

Common Classloader:
An interface redefining the authentication mechanism.
A wrapper class (let's call it AWC) with get/set methods for the above 
interface.

Server Classloader:
Realm class. All this does is look up the AWC via JNDI to perform auth.

Webapp:
The wrapper class is published via JNDI (set up in context.xml).
On startup (ContextListener) looks up the AWC via JNDI and sets an 
implementation of the authentication mechanism for your webapp.
On shutdown clean up the authenticator in the AWC (allows 
WebappClassloader to be garbage collected).


HTH,

Jon

Mike Klein wrote:
> As opposed to having realm read from external source like ldap or jdbc...
> 
> My webapp JASM uses in-memory user/role database. I realize this isn't
> "ideal"...but.
> 
> JASM uses simple form-like authentication hard-wired into jsp. I
> couldn't use basic/form because user database is stored in serialized
> data in webapp.
> 
> Well...now that I've got axis camera which can report via http...but it
> attempts Basic authentication and JASM uses hard form.
> 
> I could have JASM read Basic auth header from camera...but I'd rather
> have realm specific to webapp.
> 
> Problem is...realm classes assume OUTSIDE of webapp (jndi, jdbc,
> etc.)...no way to tap into serialized data stored in webapp.
> 
> Does this sound correct?
> 
> Until I store user/role information for JASM in external db (which I
> need to do anyways)...I guess I'm stuck just picking off Basic auth header.
> 
> Only disadvantage of not using tomcat realms is I cannot use
> "isUserInRole"/etc. methods...but no big deal I guess.
> 
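
The layout described in the reply above, as an added sketch (not code from either poster or from the Tomcat project). It assumes the Tomcat 7-9 API; every type name and the JNDI name are hypothetical, and the webapp registers a concrete subclass of the listener whose create() wraps its own user store.

```java
// Added sketch: one listing for four source files. Assumes the Tomcat 7-9 API (javax.servlet,
// three-argument GenericPrincipal); every type name and the JNDI name are hypothetical.
import java.security.Principal;
import java.util.List;
import javax.naming.*;
import javax.servlet.*;
import org.apache.catalina.realm.*;
// ---- WebappAuthenticator.java: common classloader (lib/ on Tomcat 6+) ----
public interface WebappAuthenticator {
    List<String> authenticate(String user, String password); // roles, or null to reject
}
// ---- AuthenticatorHolder.java: common classloader (the "AWC"); assumed context.xml entry:
// <Resource name="auth/holder" type="AuthenticatorHolder" factory="org.apache.naming.factory.BeanFactory"/>
public class AuthenticatorHolder {
    public static final String JNDI_NAME = "java:comp/env/auth/holder";
    private volatile WebappAuthenticator delegate; // written by the webapp, read by the realm
    public WebappAuthenticator getDelegate() { return delegate; }
    public void setDelegate(WebappAuthenticator d) { delegate = d; }
}
// ---- WebappDelegatingRealm.java: server classloader; holds no user data itself ----
public class WebappDelegatingRealm extends RealmBase {
    @Override public Principal authenticate(String user, String password) {
        try {
            AuthenticatorHolder h = (AuthenticatorHolder) new InitialContext().lookup(AuthenticatorHolder.JNDI_NAME);
            WebappAuthenticator a = h.getDelegate();
            if (a == null) return null; // webapp not started or already stopped: deny
            List<String> roles = a.authenticate(user, password);
            return roles == null ? null : new GenericPrincipal(user, null, roles);
        } catch (NamingException | RuntimeException e) { return null; } // any failure: deny
    }
    protected String getName() { return "WebappDelegatingRealm"; }
    @Override protected String getPassword(String user) { return null; } // no stored password exposed
    @Override protected Principal getPrincipal(String user) { return null; }
}
// ---- AuthBootstrapListener.java: webapp; the subclass supplies the store-backed authenticator ----
public abstract class AuthBootstrapListener implements ServletContextListener {
    private AuthenticatorHolder holder;
    protected abstract WebappAuthenticator create(ServletContext ctx);
    public void contextInitialized(ServletContextEvent e) {
        try {
            holder = (AuthenticatorHolder) new InitialContext().lookup(AuthenticatorHolder.JNDI_NAME);
        } catch (NamingException ex) { throw new IllegalStateException(ex); } // fail startup, not open
        holder.setDelegate(create(e.getServletContext()));
    }
    public void contextDestroyed(ServletContextEvent e) {
        if (holder != null) holder.setDelegate(null); // lets the WebappClassloader be collected
    }
}
```

The realm returns null on every failure path, so a missing or cleared delegate denies the login instead of letting the request through.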


