You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Boudreau, Mike" <MB...@TRCSOLUTIONS.com> on 2001/12/31 16:34:14 UTC

j_security_check

I have a requirement to implement security via LDAP and RDBMS.  
 
I was planning on using Form Based Authentication utilizing the
j_sucurity_check.
 
I see that you can use a JDBC Realm, but can I implement an LDAP realm or
some custom solution and take advantage of the web.xml security
declarations?
 
Does the JDBC realm use connection pooling?    
 
Is there a standard way to extend the j_security_check in a way that will
work in other Servlet Containers (e.g. WebSphere, WebLogic)?
 
Thanks,
Mike

Re: j_security_check

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Mon, 31 Dec 2001, Boudreau, Mike wrote:

> Date: Mon, 31 Dec 2001 10:34:14 -0500
> From: "Boudreau, Mike" <MB...@TRCSOLUTIONS.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: "'tomcat-user@jakarta.apache.org'" <to...@jakarta.apache.org>
> Subject: j_security_check
>
> I have a requirement to implement security via LDAP and RDBMS.
>
> I was planning on using Form Based Authentication utilizing the
> j_sucurity_check.
>
> I see that you can use a JDBC Realm, but can I implement an LDAP realm or
> some custom solution and take advantage of the web.xml security
> declarations?
>

Tomcat 4 has a JNDIRealm implementation that can talk to LDAP servers.

> Does the JDBC realm use connection pooling?
>

Not at the moment.  It's on my list of things to fix, now that we have
global JNDI resources (in the nightly builds).

> Is there a standard way to extend the j_security_check in a way that will
> work in other Servlet Containers (e.g. WebSphere, WebLogic)?
>

The declaration of security constraints and form-based login that you do
inside the web.xml file is portable across all servers.  What is *not*
portable is how each server looks up users and roles (i.e. the Realm
concept in Tomcat) -- you will have to consult the documentation for each
server individually to see how that is done.

> Thanks,
> Mike
>

Craig McClanahan

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>