You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Marc Tinkler <ti...@plumbdesign.com> on 2002/02/08 01:30:20 UTC
Aggregate Realms?
Hello,
Since containers can only have a single realm, I would like to implement a Realm that acts like an aggregator. It could contain other realms, and delegate authenticate calls to each one, in order, and the first on that answered would provide the Principal. This should be easy to implement, but the hard part is getting a hook into the xml mapper to do the configuration.
Ideally, you would want the server.xml file to look something like this:
<Realm className="com.plumbdesign.tomcat.realm.AggregateRealm">
<Realm className="org.apache.catalina.realm.MemoryRealm" />
<Realm className="com.plumbdesign.tomcat.realm.ActiveDirectoryRealm"
serverName="ad.foobar.com"
domainName="foobar.com" />
</Realm>
My question is, can this be done? Is there any way for a realm to add XMLActions to control the way it is deserialized from XML? Any ideas?
Marc Tinkler
________________________________________________________________________
p l u m b d e s i g n
marc tinkler | cto, principal
157 chambers st ny ny 10007
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Aggregate Realms?
Posted by "Craig R. McClanahan" <cr...@apache.org>.
A third option (which of course I thought of just after pressing SEND :-)
is to use the JAASRealm (HEAD branch only), and define your aggregation
inside JAAS. It seems to be oriented towards this sort of use case.
Craig
On Thu, 7 Feb 2002, Marc Tinkler wrote:
> Date: Thu, 7 Feb 2002 19:30:20 -0500
> From: Marc Tinkler <ti...@plumbdesign.com>
> Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> To: tomcat-dev@jakarta.apache.org
> Subject: Aggregate Realms?
>
> Hello,
>
> Since containers can only have a single realm, I would like to implement a Realm that acts like an aggregator. It could contain other realms, and delegate authenticate calls to each one, in order, and the first on that answered would provide the Principal. This should be easy to implement, but the hard part is getting a hook into the xml mapper to do the configuration.
>
> Ideally, you would want the server.xml file to look something like this:
>
> <Realm className="com.plumbdesign.tomcat.realm.AggregateRealm">
> <Realm className="org.apache.catalina.realm.MemoryRealm" />
> <Realm className="com.plumbdesign.tomcat.realm.ActiveDirectoryRealm"
> serverName="ad.foobar.com"
> domainName="foobar.com" />
> </Realm>
>
>
> My question is, can this be done? Is there any way for a realm to add XMLActions to control the way it is deserialized from XML? Any ideas?
>
> Marc Tinkler
>
> ________________________________________________________________________
> p l u m b d e s i g n
> marc tinkler | cto, principal
> 157 chambers st ny ny 10007
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Aggregate Realms?
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 7 Feb 2002, Marc Tinkler wrote:
> Date: Thu, 7 Feb 2002 19:30:20 -0500
> From: Marc Tinkler <ti...@plumbdesign.com>
> Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> To: tomcat-dev@jakarta.apache.org
> Subject: Aggregate Realms?
>
> Hello,
>
> Since containers can only have a single realm, I would like to implement a Realm that acts like an aggregator. It could contain other realms, and delegate authenticate calls to each one, in order, and the first on that answered would provide the Principal. This should be easy to implement, but the hard part is getting a hook into the xml mapper to do the configuration.
>
> Ideally, you would want the server.xml file to look something like this:
>
> <Realm className="com.plumbdesign.tomcat.realm.AggregateRealm">
> <Realm className="org.apache.catalina.realm.MemoryRealm" />
> <Realm className="com.plumbdesign.tomcat.realm.ActiveDirectoryRealm"
> serverName="ad.foobar.com"
> domainName="foobar.com" />
> </Realm>
>
>
> My question is, can this be done? Is there any way for a realm to add
> XMLActions to control the way it is deserialized from XML? Any ideas?
>
Right now, the nested <Realm> elements would not be recognized, because
the pattern matcher matches on things like ".../Context/Realm" but not
".../Context/Realm/Realm". One option would be to define a bean property
on your AggregateRealm implementation that pointed at an external XML
file, for which you could then construct your own XmlMapper (4.0) or
Digester (HEAD branch) to parse the nested realms, based on the rules that
Catalina normally uses.
In the HEAD branch, Digester also has the ability to recognize some wild
card patterns like "*/Realm" to match a <Realm> element no matter where it
is nested. It would take some refactoring of how the Digester rules are
created (in ContextConfig), but might be feasible.
> Marc Tinkler
>
Craig McClanahan
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>