You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Amine AMAR <a....@dns1.caciopee.com> on 2001/12/27 19:33:31 UTC
JAAS support in Tomcat 4
Hi all,
Does Tomcat 4 have support for JAAS?
I know TC is not a full J2EE Server, but I'm just wondering.
If there is, no support in TC for that do you know of any other security framework supported in TC (especially compatible with Struts)?
Thanks all
Amine
Re: JAAS support in Tomcat 4
Posted by Vic Cekvenich <vi...@basebeans.com>.
I have used JDBC realms in Tomcat w/Struts. Works great.
Vic
Craig R. McClanahan wrote:
>
>On Thu, 27 Dec 2001, Amine AMAR wrote:
>
>>Date: Thu, 27 Dec 2001 18:33:31 -0000
>>From: Amine AMAR <a....@dns1.caciopee.com>
>>Reply-To: Tomcat Users List <to...@jakarta.apache.org>
>>To: Tomcat Users List <to...@jakarta.apache.org>
>>Subject: JAAS support in Tomcat 4
>>
>>Hi all,
>>
>>Does Tomcat 4 have support for JAAS?
>>I know TC is not a full J2EE Server, but I'm just wondering.
>>
>
>In the nightly downloads of Tomcat 4, you'll find an experimental
>JAASRealm implementation. Right now, it only supports authentication, not
>roles -- I don't know how you're supposed to program that in a generic way
>using the JAAS APIs.
>
>>If there is, no support in TC for that do you know of any other
>>security framework supported in TC (especially compatible with
>>Struts)?
>>
>
>It would be technically feasible to implement this yourself. The best way
>would be to write a Filter that was mapped to all requests, and checked
>for a valid login (with a redirect to the login page as needed). The
>filter would also have to receive the username/password and use JAAS to
>look up the user.
>
>Essentially, you'd be simulating what a container like Tomcat does for
>form-based login. IMHO, it's better to let the container do this kind of
>thing for you, but doing it at the application level can be more portable,
>so sometimes it's worth it.
>
>>Thanks all
>>
>>Amine
>>
>
>Craig
>
>
>
>--
>To unsubscribe: <ma...@jakarta.apache.org>
>For additional commands: <ma...@jakarta.apache.org>
>Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: JAAS support in Tomcat 4
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 27 Dec 2001, Amine AMAR wrote:
> Date: Thu, 27 Dec 2001 18:33:31 -0000
> From: Amine AMAR <a....@dns1.caciopee.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: JAAS support in Tomcat 4
>
> Hi all,
>
> Does Tomcat 4 have support for JAAS?
> I know TC is not a full J2EE Server, but I'm just wondering.
>
In the nightly downloads of Tomcat 4, you'll find an experimental
JAASRealm implementation. Right now, it only supports authentication, not
roles -- I don't know how you're supposed to program that in a generic way
using the JAAS APIs.
> If there is, no support in TC for that do you know of any other
> security framework supported in TC (especially compatible with
> Struts)?
>
It would be technically feasible to implement this yourself. The best way
would be to write a Filter that was mapped to all requests, and checked
for a valid login (with a redirect to the login page as needed). The
filter would also have to receive the username/password and use JAAS to
look up the user.
Essentially, you'd be simulating what a container like Tomcat does for
form-based login. IMHO, it's better to let the container do this kind of
thing for you, but doing it at the application level can be more portable,
so sometimes it's worth it.
> Thanks all
>
> Amine
>
Craig
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>