You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Damian Minkov <da...@space-comm.com> on 2003/09/30 11:40:29 UTC
Custom authenticate
For 2 weeks I'm fighting with the authentication in Tomcat.
Is it possible to make it authenticate the user with 3 params.
For example username, password, and group belongs to.
I need the third one because the roles of the user are different for
different groups.
I tried to make my own Valve and realm and to use the Valve as
authenticator but I can't get it work.
Some ideas ?
10x in advance
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
Via ...
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=write+servlet+authentication+filter&btnG=Google+Search
http://java.sun.com/products/servlet/Filters.html
-Tim
Damian Minkov wrote:
> Hello Tim,
>
> Tuesday, September 30, 2003, 2:21:26 PM, you wrote:
>
> TF> WIth those restrictions, I would dump container based authorization and rely
> TF> on filters. Your webapp would then be portable for other containers as well
> TF> as non-dependent on tomcat internals.
>
> TF> -Tim
>
> TF> Damian Minkov wrote:
> I didn't fully understand your suggestion . How can i do this?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
Via ...
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=write+servlet+authentication+filter&btnG=Google+Search
http://java.sun.com/products/servlet/Filters.html
-Tim
Damian Minkov wrote:
> Hello Tim,
>
> Tuesday, September 30, 2003, 2:21:26 PM, you wrote:
>
> TF> WIth those restrictions, I would dump container based authorization and rely
> TF> on filters. Your webapp would then be portable for other containers as well
> TF> as non-dependent on tomcat internals.
>
> TF> -Tim
>
> TF> Damian Minkov wrote:
> I didn't fully understand your suggestion . How can i do this?
>
Re[2]: Custom authenticate
Posted by Damian Minkov <da...@space-comm.com>.
Hello Tim,
Tuesday, September 30, 2003, 2:21:26 PM, you wrote:
TF> WIth those restrictions, I would dump container based authorization and rely
TF> on filters. Your webapp would then be portable for other containers as well
TF> as non-dependent on tomcat internals.
TF> -Tim
TF> Damian Minkov wrote:
>> Hello Tim,
>>
>> Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
>>
>> TF> Can you just change the username to be username@group or username/group and
>> TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
>> TF> authenticator Valves == PITA.
>>
>> TF> Look for any Bill Barker posts in the archives with Authenticator for more
>> TF> information about writing custom ones.
>>
>> TF> -Tim
>>
>> TF> Damian Minkov wrote:
>>
>>
>>>>For 2 weeks I'm fighting with the authentication in Tomcat.
>>>>
>>>>Is it possible to make it authenticate the user with 3 params.
>>>>For example username, password, and group belongs to.
>>>>I need the third one because the roles of the user are different for
>>>>different groups.
>>>>
>>>>I tried to make my own Valve and realm and to use the Valve as
>>>>authenticator but I can't get it work.
>>>>
>>
>>
>>
>> TF> ---------------------------------------------------------------------
>> TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> No I can't make it this way beacuse i have a to step login page
>> First step : username and password
>> Second step : choose group /
>> the groups you choose from are loaded
>> according the username
>> And this two steps doesn't allow me to make it this way.
>>
>>
TF> ---------------------------------------------------------------------
TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
I didn't fully understand your suggestion . How can i do this?
--
Best regards,
Damian mailto:damian@space-comm.com
Re[2]: Custom authenticate
Posted by Damian Minkov <da...@space-comm.com>.
Hello Tim,
Tuesday, September 30, 2003, 2:21:26 PM, you wrote:
TF> WIth those restrictions, I would dump container based authorization and rely
TF> on filters. Your webapp would then be portable for other containers as well
TF> as non-dependent on tomcat internals.
TF> -Tim
TF> Damian Minkov wrote:
>> Hello Tim,
>>
>> Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
>>
>> TF> Can you just change the username to be username@group or username/group and
>> TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
>> TF> authenticator Valves == PITA.
>>
>> TF> Look for any Bill Barker posts in the archives with Authenticator for more
>> TF> information about writing custom ones.
>>
>> TF> -Tim
>>
>> TF> Damian Minkov wrote:
>>
>>
>>>>For 2 weeks I'm fighting with the authentication in Tomcat.
>>>>
>>>>Is it possible to make it authenticate the user with 3 params.
>>>>For example username, password, and group belongs to.
>>>>I need the third one because the roles of the user are different for
>>>>different groups.
>>>>
>>>>I tried to make my own Valve and realm and to use the Valve as
>>>>authenticator but I can't get it work.
>>>>
>>
>>
>>
>> TF> ---------------------------------------------------------------------
>> TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> No I can't make it this way beacuse i have a to step login page
>> First step : username and password
>> Second step : choose group /
>> the groups you choose from are loaded
>> according the username
>> And this two steps doesn't allow me to make it this way.
>>
>>
TF> ---------------------------------------------------------------------
TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
I didn't fully understand your suggestion . How can i do this?
--
Best regards,
Damian mailto:damian@space-comm.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
WIth those restrictions, I would dump container based authorization and rely
on filters. Your webapp would then be portable for other containers as well
as non-dependent on tomcat internals.
-Tim
Damian Minkov wrote:
> Hello Tim,
>
> Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
>
> TF> Can you just change the username to be username@group or username/group and
> TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
> TF> authenticator Valves == PITA.
>
> TF> Look for any Bill Barker posts in the archives with Authenticator for more
> TF> information about writing custom ones.
>
> TF> -Tim
>
> TF> Damian Minkov wrote:
>
>
>>>For 2 weeks I'm fighting with the authentication in Tomcat.
>>>
>>>Is it possible to make it authenticate the user with 3 params.
>>>For example username, password, and group belongs to.
>>>I need the third one because the roles of the user are different for
>>>different groups.
>>>
>>>I tried to make my own Valve and realm and to use the Valve as
>>>authenticator but I can't get it work.
>>>
>
>
>
> TF> ---------------------------------------------------------------------
> TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> No I can't make it this way beacuse i have a to step login page
> First step : username and password
> Second step : choose group /
> the groups you choose from are loaded
> according the username
> And this two steps doesn't allow me to make it this way.
>
>
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
WIth those restrictions, I would dump container based authorization and rely
on filters. Your webapp would then be portable for other containers as well
as non-dependent on tomcat internals.
-Tim
Damian Minkov wrote:
> Hello Tim,
>
> Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
>
> TF> Can you just change the username to be username@group or username/group and
> TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
> TF> authenticator Valves == PITA.
>
> TF> Look for any Bill Barker posts in the archives with Authenticator for more
> TF> information about writing custom ones.
>
> TF> -Tim
>
> TF> Damian Minkov wrote:
>
>
>>>For 2 weeks I'm fighting with the authentication in Tomcat.
>>>
>>>Is it possible to make it authenticate the user with 3 params.
>>>For example username, password, and group belongs to.
>>>I need the third one because the roles of the user are different for
>>>different groups.
>>>
>>>I tried to make my own Valve and realm and to use the Valve as
>>>authenticator but I can't get it work.
>>>
>
>
>
> TF> ---------------------------------------------------------------------
> TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> No I can't make it this way beacuse i have a to step login page
> First step : username and password
> Second step : choose group /
> the groups you choose from are loaded
> according the username
> And this two steps doesn't allow me to make it this way.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re[2]: Custom authenticate
Posted by Damian Minkov <da...@space-comm.com>.
Hello Tim,
Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
TF> Can you just change the username to be username@group or username/group and
TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
TF> authenticator Valves == PITA.
TF> Look for any Bill Barker posts in the archives with Authenticator for more
TF> information about writing custom ones.
TF> -Tim
TF> Damian Minkov wrote:
>> For 2 weeks I'm fighting with the authentication in Tomcat.
>>
>> Is it possible to make it authenticate the user with 3 params.
>> For example username, password, and group belongs to.
>> I need the third one because the roles of the user are different for
>> different groups.
>>
>> I tried to make my own Valve and realm and to use the Valve as
>> authenticator but I can't get it work.
>>
TF> ---------------------------------------------------------------------
TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
No I can't make it this way beacuse i have a to step login page
First step : username and password
Second step : choose group /
the groups you choose from are loaded
according the username
And this two steps doesn't allow me to make it this way.
--
Best regards,
Damian mailto:damian@space-comm.com
Re[2]: Custom authenticate
Posted by Damian Minkov <da...@space-comm.com>.
Hello Tim,
Tuesday, September 30, 2003, 2:05:20 PM, you wrote:
TF> Can you just change the username to be username@group or username/group and
TF> then write a custom Realm on that. Custom Realms == easy to write. Custom
TF> authenticator Valves == PITA.
TF> Look for any Bill Barker posts in the archives with Authenticator for more
TF> information about writing custom ones.
TF> -Tim
TF> Damian Minkov wrote:
>> For 2 weeks I'm fighting with the authentication in Tomcat.
>>
>> Is it possible to make it authenticate the user with 3 params.
>> For example username, password, and group belongs to.
>> I need the third one because the roles of the user are different for
>> different groups.
>>
>> I tried to make my own Valve and realm and to use the Valve as
>> authenticator but I can't get it work.
>>
TF> ---------------------------------------------------------------------
TF> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
TF> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
No I can't make it this way beacuse i have a to step login page
First step : username and password
Second step : choose group /
the groups you choose from are loaded
according the username
And this two steps doesn't allow me to make it this way.
--
Best regards,
Damian mailto:damian@space-comm.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
Can you just change the username to be username@group or username/group and
then write a custom Realm on that. Custom Realms == easy to write. Custom
authenticator Valves == PITA.
Look for any Bill Barker posts in the archives with Authenticator for more
information about writing custom ones.
-Tim
Damian Minkov wrote:
> For 2 weeks I'm fighting with the authentication in Tomcat.
>
> Is it possible to make it authenticate the user with 3 params.
> For example username, password, and group belongs to.
> I need the third one because the roles of the user are different for
> different groups.
>
> I tried to make my own Valve and realm and to use the Valve as
> authenticator but I can't get it work.
>
Re: Custom authenticate
Posted by Tim Funk <fu...@joedog.org>.
Can you just change the username to be username@group or username/group and
then write a custom Realm on that. Custom Realms == easy to write. Custom
authenticator Valves == PITA.
Look for any Bill Barker posts in the archives with Authenticator for more
information about writing custom ones.
-Tim
Damian Minkov wrote:
> For 2 weeks I'm fighting with the authentication in Tomcat.
>
> Is it possible to make it authenticate the user with 3 params.
> For example username, password, and group belongs to.
> I need the third one because the roles of the user are different for
> different groups.
>
> I tried to make my own Valve and realm and to use the Valve as
> authenticator but I can't get it work.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Custom authenticate
Posted by Murray <mp...@optusnet.com.au>.
Damian,
Tim suggested "user/group" or "user@group". That didn't work for you but
what about "role in group" where this is really a set of roles for which you
allow the user to specify the group part of the name.
In this case your security model would have roles such as "customer" and
"vendor" and groups such as "retail" and "wholesale" but the Tomcat
authentication structure would have roles of "retail-customer",
"retail-vendor", "wholesale-customer" and "wholesale-vendor". The number of
roles may get fairly large and you may want to consider a tool to manage
them but the concept would probably work.
I think you would have to write your own "isUserInRole" check to allow you
to concatenate the variables retrieved from the application but it wouldn't
be very complicated.
Murray
-----Original Message-----
From: Damian Minkov [mailto:damian@space-comm.com]
Sent: Tuesday, 30 September 2003 19:40
To: tomcat-user@jakarta.apache.org
Subject: Custom authenticate
For 2 weeks I'm fighting with the authentication in Tomcat.
Is it possible to make it authenticate the user with 3 params.
For example username, password, and group belongs to.
I need the third one because the roles of the user are different for
different groups.
I tried to make my own Valve and realm and to use the Valve as
authenticator but I can't get it work.
Some ideas ?
10x in advance
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Custom authenticate
Posted by Murray <mp...@optusnet.com.au>.
Damian,
Tim suggested "user/group" or "user@group". That didn't work for you but
what about "role in group" where this is really a set of roles for which you
allow the user to specify the group part of the name.
In this case your security model would have roles such as "customer" and
"vendor" and groups such as "retail" and "wholesale" but the Tomcat
authentication structure would have roles of "retail-customer",
"retail-vendor", "wholesale-customer" and "wholesale-vendor". The number of
roles may get fairly large and you may want to consider a tool to manage
them but the concept would probably work.
I think you would have to write your own "isUserInRole" check to allow you
to concatenate the variables retrieved from the application but it wouldn't
be very complicated.
Murray
-----Original Message-----
From: Damian Minkov [mailto:damian@space-comm.com]
Sent: Tuesday, 30 September 2003 19:40
To: tomcat-user@jakarta.apache.org
Subject: Custom authenticate
For 2 weeks I'm fighting with the authentication in Tomcat.
Is it possible to make it authenticate the user with 3 params.
For example username, password, and group belongs to.
I need the third one because the roles of the user are different for
different groups.
I tried to make my own Valve and realm and to use the Valve as
authenticator but I can't get it work.
Some ideas ?
10x in advance
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org