Different Realms with Differents Authentications Mecanisms

[Bárbara Vieira <ba...@di.uminho.pt>]

Hi everyone!

I have an application based on servlets, and two different authentication
mechanisms. The user can be authenticated with client
certificate(CERT-CLIENT), if there is a client certificate installed on the
web browser. And can be authenticated using an HTML form(FORM)  if the first
method doesn’t authenticate the user. My problem is that I’m able to
authenticate a user, using the Subject Distinguished Name as a username on
HTML form, without a password. 

I found a solution that might be right, but a have a question about that: 

 

Can I configure different Reamls to use on differents authentications
mechanisms in the same application? 

 

Regards from Braga, Portugal

Bárbara Vieira

 

RE: Different Realms with Differents Authentications Mecanisms

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: Bárbara Vieira [mailto:barbarasv@di.uminho.pt] 
> Subject: Different Realms with Differents Authentications Mecanisms
> 
> Can I configure different Reamls to use on differents authentications
> mechanisms in the same application? 

I don't think so, at least not without modifying Tomcat source.  However, you could use the JAAS Realm, and supply two login modules, one for each mechanism.  JAAS allows you to configure such an environment as "all pass" or "any pass", and you'd want the latter.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org