You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Vincent Delhommois <vi...@voila.fr> on 2006/02/28 09:17:27 UTC
j_security_check and JAAS => GOOD or BAD ?
Hello,
When I look all the JAAS example, I see that you have to use the following code to use the LoginModule, etc...
LoginContext lc = new LoginContext("MyExample");
try {
lc.login();
} catch (LoginException) {
// Authentication failed.
}
The "MyExample" is the name that you can retrieve in the jaas.conf.
What is the link between the j_security_check and JAAS ?
Is that a good thing to use j_security_check and my custom LoginModule ? Right works fine exept I don't use the LoginContext lc = new LoginContext("MyExample");
Thanks for your comments.
Re: j_security_check and JAAS => GOOD or BAD ?
Posted by Franck Borel <bo...@ub.uni-freiburg.de>.
Hi Vinc,
> Hello,
> When I look all the JAAS example, I see that you have to use the
following code to use the LoginModule, etc...
> LoginContext lc = new LoginContext("MyExample");
> try {
> lc.login();
> } catch (LoginException) {
> // Authentication failed.
> }
> The "MyExample" is the name that you can retrieve in the jaas.conf.
> What is the link between the j_security_check and JAAS ?
You can use JAAS in different contexts. It's not necessary a Tomcat
thing. Tomcat comes with a FORM-authentication, this is what you are
using. Now, to make JAAS works with the FORM-authentication (notice that
the FORM-authentication works also without JAAS!), you use a JAAS-realm.
A JAAS-Realm is a class that implements the class Realm and wraps an
authentification type. This is what I think you mean with "link".
> Is that a good thing to use j_security_check and my custom
LoginModule ? Right works fine exept I don't use the LoginContext lc =
new LoginContext("MyExample");
> Thanks for your comments.
Using j_security_check is always a good idea, if you want to
authenticate a user with username/password and if you don't need any
other results as "user was authenticate" and "user authentication
failed". If you need more than a simple username/password combination to
authenticate a user, like an IP address or other extra attributes you
will need an other tool to do so (or rewrite classes in the
org.apache.catalina.authenticator :-)). To get more sophisticated
results in your error-login.jsp like "account expired" or "insufficient
rights" you will also need something different as j_security_check.
In this case you can try to use filters.
-best regards
Franck
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org