Re: Setting a Request Attribute from a custom Realm

On Tue, Apr 13, 2021 at 9:22 PM Tim K wrote: > > On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote: > > As mentioned in that url, doing a pre-login of sorts before calling > > HttpServletRequest.login() may be a workaround to accomplish this, but > > then I would need to call my backend authentication s

Re: Setting a Request Attribute from a custom Realm

On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote: > As mentioned in that url, doing a pre-login of sorts before calling > HttpServletRequest.login() may be a workaround to accomplish this, but > then I would need to call my backend authentication service twice for > each login. > > -Tim I've been looki

Re: Setting a Request Attribute from a custom Realm

On Thu, Apr 8, 2021 at 1:38 PM Christopher Schultz wrote: > > I have some sketches of something like this literally on paper somewhere > around here to create an interface for applications subscribe to > authentication events. It would, for example, allow you to write a > "failed login" record to

Re: Setting a Request Attribute from a custom Realm

Tim, On 4/8/21 09:11, Tim K wrote: On Wed, Apr 7, 2021, 3:43 PM Christopher Schultz < ch...@christopherschultz.net> wrote: You can't, using the existing API. You might be able to do it with some nasty ThreadLocal solution, but I think you are stuck without resorting to legerdemain. -chris

Re: Setting a Request Attribute from a custom Realm

On Wed, Apr 7, 2021, 3:43 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > You can't, using the existing API. > > You might be able to do it with some nasty ThreadLocal solution, but I > think you are stuck without resorting to legerdemain. > > -chris Would it be possible to imple

Re: Setting a Request Attribute from a custom Realm

Tim, On 4/7/21 14:22, Tim K wrote: I have a custom realm which I'm receiving custom messages back within the realm code and I want to display these messages on the login page, but I have no idea how this can be accomplished with a custom realm which is overriding the Principle authent

Setting a Request Attribute from a custom Realm

I have a custom realm which I'm receiving custom messages back within the realm code and I want to display these messages on the login page, but I have no idea how this can be accomplished with a custom realm which is overriding the Principle authenticate method. Any help would be apprec

Re: Custom Realm

; >> Hi, >> >> I have some specific requirements for security and I have been >> trying to right a custom realm, that reads information from the >> database. >> >> 1. I have added a datasource in the global naming resources >> section in the server.xml

Re: Custom Realm

Oct 2014, at 22:37, Meeraj Kunnumpurath < > mee...@servicesymphony.com> wrote: > > > > Hi, > > > > I have some specific requirements for security and I have been trying to > right a custom realm, that reads information from the database. > > > > 1

Re: Custom Realm

ecurity and I have been trying to > right a custom realm, that reads information from the database. > > 1. I have added a datasource in the global naming resources section in the > server.xml > 2. I have packaged the realm class in a JAR file and copied it the server lib > 3. I ha

Custom Realm

Hi, I have some specific requirements for security and I have been trying to right a custom realm, that reads information from the database. 1. I have added a datasource in the global naming resources section in the server.xml 2. I have packaged the realm class in a JAR file and copied it the

Re: Tomcat 6.0 Custom Realm with Digest Authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sailendra, On 10/2/2011 3:44 PM, sailendra karthik wrote: > I am able to develop a custom realm with basic type Great. > But when i change this to DIGEST it is not digesting the password. I think maybe you are misunderstanding how

Tomcat 6.0 Custom Realm with Digest Authentication

Hi, Iam able to develop a custom realm with basic type But when i change this to DIGEST it is not digesting the password. Please provide Any example or some detailed steps.

Re: Custom Realm - Tomcat 5.5 to Tomcat 7 Migration

2011/8/19 Steve Ratay : > I have a custom realm that is quite complex and uses a variety of third party > libraries, including Spring.  In Tomcat 5.5, I placed the Realm and all of > the JARs it depended upon in the server/lib directory.  This kept these > classes in the Catalina

Custom Realm - Tomcat 5.5 to Tomcat 7 Migration

I have a custom realm that is quite complex and uses a variety of third party libraries, including Spring.  In Tomcat 5.5, I placed the Realm and all of the JARs it depended upon in the server/lib directory.  This kept these classes in the Catalina class loader, which was not visible to any web

RE: Custom Realm

> From: Michael Dockery [mailto:dockeryjava...@yahoo.com] > Subject: Custom Realm > Q1) Should I create a new custom realm (..subClass > of RealmBase) which is based-on/copied-from the > original/standard tomcat realm?   You can, but wouldn't it be simpler to subclass the

Custom Realm

I need to override a single method in a standard tomcat6 realm for a particular webApp/context.    The method:   RealmBase.getPrincipal(X509Certificate usercert) Q1) Should I create a new custom realm (..subClass of RealmBase) which is based-on/copied-from the original/standard tomcat realm

Re: Custom Realm - How to get the authenticated principal?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ambarish, On 3/4/2009 6:11 AM, Ambarish Mitra wrote: > The external system does not store the tomcat realm roles. Why don't you do what I suggested and override the hasRole() method in your Realm to return true unconditionally? Or, you could include

Re: Custom Realm - How to get the authenticated principal?

usernames in the tomcat Realm. Now, from here in the Valve, how do I get >> the >>> roles of the user in the tomcat realm? >> Which Realm are you trying to use? >> >> I am using a custom realm. I am not using any of the standard realms > because >> the a

RE: Custom Realm - How to get the authenticated principal?

from here in the Valve, how do I get > the >> roles of the user in the tomcat realm? > > Which Realm are you trying to use? > > I am using a custom realm. I am not using any of the standard realms because > the authentication is not handled by the standard realms. > >

Re: Custom Realm - How to get the authenticated principal?

hen read in the Valve - it is one of the >> usernames in the tomcat Realm. Now, from here in the Valve, how do I get > the >> roles of the user in the tomcat realm? > > Which Realm are you trying to use? > > I am using a custom realm. I am not using any of the standard rea

RE: Custom Realm - How to get the authenticated principal?

in web.xml file. > > (The userid of the external system and tomcat is the same - that is point of > match.) > > To solve this problem, I thought of writing a custom realm, which will be > programmed that if the Principal has null role, then it will get the roles > from the Tomcat rea

Re: Custom Realm - How to get the authenticated principal?

gt; we have granted to roles=role1, tomcat in web.xml file. > > (The userid of the external system and tomcat is the same - that is point of > match.) > > To solve this problem, I thought of writing a custom realm, which will be > programmed that if the Principal has null role, then

RE: Custom Realm - How to get the authenticated principal?

On 3/3/2009 7:57 AM, Ambarish Mitra wrote: > Goal: I have a web-app which I have protected with an external > authentication engine. To achieve this, I have written a custom valve which > sets a principal. I'm not sure you need a Valve. Why not just write a custom Realm (as you

Re: Custom Realm - How to get the authenticated principal?

u need a Valve. Why not just write a custom Realm (as you have done) and use that instead of one of the built-in Realms? > Here, I do not get the roles of the user, so the principal object is been > set without roles, and so, the authorization to the webapp is being denied > (although a

Custom Realm - How to get the authenticated principal?

I on Tomcat 5.0.28 on Redhat Linux AS4. I have some doubts on creating (programming) a custom realm, and I could not find my answers after a google search. Goal: I have a web-app which I have protected with an external authentication engine. To achieve this, I have written a custom valve which

Re: context.xml and custom realm

Caldarale, Charles R wrote: From: Jeff Powell [mailto:[EMAIL PROTECTED] 4. Set up a login.config file for Java (see JAAS LoginConfig file) and tell Tomcat where to find it by specifying its location to the J

RE: context.xml and custom realm

Well then let's just drop it. Thanks anyway. -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wed 7/23/2008 4:39 PM To: Tomcat Users List Subject: RE: context.xml and custom realm > From: Jeffrey R. Powell [mailto:[EMAIL PROTECTED] >

RE: context.xml and custom realm

> From: Jeffrey R. Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > Jaas.config is a typo should be jaas.conf has the same contents as > auth.conf on the dev server. Let's stop confusing the issue and instead stick to just one system; once tha

RE: context.xml and custom realm

> From: Jeffrey R. Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > Won't they be passed in the Map options on the Init? I have no idea what you're asking there. > I thought that's what the > JAVA_OPTS=-DJAVA_OPTS=-Djava.security.

RE: context.xml and custom realm

Jaas.config is a typo should be jaas.conf has the same contents as auth.conf on the dev server. -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008 4:32 PM To: Tomcat Users List Subject: RE: context.xml and custom realm > From: J

RE: context.xml and custom realm

Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008 4:27 PM To: Tomcat Users List Subject: RE: context.xml and custom realm > From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > I created a auth.conf file in my $CATALINA_HOME/

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > > Remove the path attribute - it's not allowed. > appName="dropInv" > userClassNames="com.ips.security.UdUser" > roleClassNames=&

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > I created a auth.conf file in my $CATALINA_HOME/conf and > pointed the JVM to it. How? You should be setting the system property java.security.auth.login.config just for Tomcat rather th

RE: context.xml and custom realm

I just added the appName for testing and it didn't help. com.ips.security.* is in the project .war file. Production server : JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==/opt/tomcat/conf/jaas.config as well as the JVM settings similar to those on the dev server. Development

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > java.lang.SecurityException: Unable to locate a login configuration What do you have as the value of the system property java.security.auth.login.config? That has to be set to point

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > Deploy dropInv.war on 6.0.13 production server and I get this again. > > Is JAAS broken? No, you just haven't put the stated class in a usable location. What's in your ?

RE: context.xml and custom realm

Deploy dropInv.war on 6.0.13 production server and I get this again. Is JAAS broken? INFO: Deploying web application archive dropInv.war Jul 23, 2008 3:59:19 PM org.apache.catalina.realm.JAASRealm parseClassNames SEVERE: Class com.ips.security.UdUser not found! Class not added. Jul 23, 2008 3:59

RE: context.xml and custom realm

Typo in the context.xml > SEVERE: Class com.ips.security.User not found! Class not added. > Jul 23, 2008 2:54:43 PM org.apache.catalina.realm.JAASRealm > parseClassNames > SEVERE: Class com.ips.security.Roles not found! Class not added. > Jul 23, 2008 2:54:44 PM org.apache.catalina.core.StandardCo

RE: context.xml and custom realm

I created a auth.conf file in my $CATALINA_HOME/conf and pointed the JVM to it. /usr/local/apache-tomcat-6.0.16/auth.conf: dropInv { com.ips.security.UdLoginModule required; loginFile="VALIDATION"; loginKey="100!IPS.DROP.AUTH"; userAttr="3"; credAttr="4";

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > But so far all the examples with JAAS don't show how to > just create the minimal framework for a webapp. While it's true that a single JVM instance only allows specification of

RE: context.xml and custom realm

Chuck, Thanks for your response. > You really, really want to stay away from any use of odbc. You're right, I do. odbc doesn't speak multi-value and unidata doesn't return result sets. > I'm confused; first you ask about JAASRealm, and then close with a comment > about JDBCRealm. Which is

RE: context.xml and custom realm

> From: Jeff Powell [mailto:[EMAIL PROTECTED] > Subject: RE: context.xml and custom realm > > I am trying to create a custom realm but it seems that > with JAAS I have to create a global realm for a specific > application. You shouldn't have to. Just put the inside the

RE: context.xml and custom realm

I am trying to create a custom realm but it seems that with JAAS I have to create a global realm for a specific application. I am also having copious troubles getting it to work. I'd like to be able to use a JDBC like approach with named arguments. My problem is that the database (unidata)

RE: context.xml and custom realm

> From: Carol Cheung [mailto:[EMAIL PROTECTED] > Subject: context.xml and custom realm > > Is it possible to place the realm and the database driver somewhere > under webapps/appname and still have Tomcat find it? I really want to > avoid having to restart Tomcat. If so, whe

context.xml and custom realm

I'm trying to set up a custom realm in context.xml and placing it in META-INF, according to http://tomcat.apache.org/tomcat-5.5-doc/config/context.html because I don't want to restart Tomcat if I need to modify the Context element or my custom realm. But according to http://tomcat.

Re: How to write a custom realm?

> >> Hi, Everyone, > >> > >> Where could I find the document of how to write a custom realm? > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >

Re: How to write a custom realm?

With any luck - this will be accurate enough: http://www.jroller.com/funkman/entry/howto_create_a_realm_in -Tim On Wednesday 10 October 2007, quanxin zhu wrote: Hi, Everyone, Where could I find the document of how to write a custom realm

Re: How to write a custom realm?

m/ofc/tomcat/ Although I don't claim that my code is worthy of emulating ;) On Wednesday 10 October 2007, quanxin zhu wrote: > Hi, Everyone, > > Where could I find the document of how to write a custom realm? > >Many Thanks! > > > zhu -- Nicholas Sush

Re: How to write a custom realm?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zhu, quanxin zhu wrote: > Where could I find the document of how to write a custom realm? Realm is just an interface: http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/Realm.html Fortunately, there's a RealmBa

How to write a custom realm?

Hi, Everyone, Where could I find the document of how to write a custom realm? Many Thanks! zhu

Re: Tomcat authentication custom realm digest="md5" ignored

s. On Windows, > there are only two applications that are running from paths under a > common root. Could be the result of bug fixed in 5.5.x. Try using the 5.5.x code in your custom realm rather than extending the 5.0.x realm. Mark

Tomcat authentication custom realm digest="md5" ignored

Hi, I have this setup working on my Windows development computer under Tomcat 5.5. Everything works fine. I get a hash value from Oracle and pass it back to Tomcat on request. BUT! I can't get it to work in test environment on Solaris under Tomcat 5.0.28. The major difference in configura

RE: What is the proper location for custom realm and principle classes?

> From: Page, Steve C. [mailto:[EMAIL PROTECTED] > Subject: RE: What is the proper location for custom realm and > principle classes? > > It's working on 5.5. I'm running this on an AS/400, so the startup > command is very different. Could you send me the startup c

RE: What is the proper location for custom realm and principle classes?

PROTECTED] -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Friday, March 02, 2007 6:13 PM To: Tomcat Users List Subject: RE: What is the proper location for custom realm and principle classes? > From: Page, Steve C. [mailto:[EMAIL PROTECTED] > Subject: RE: Wh

RE: What is the proper location for custom realm and principle classes?

> From: Page, Steve C. [mailto:[EMAIL PROTECTED] > Subject: RE: What is the proper location for custom realm and > principle classes? > > I'll try moving the principal class to common and > see if that works. That worked for me in 5.5, but not 6.0. For the newer versio

RE: What is the proper location for custom realm and principle classes?

lyst/Developer BFDP Information Technology (317) 818-8685 [EMAIL PROTECTED] -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Friday, March 02, 2007 5:46 PM To: Tomcat Users List Subject: RE: What is the proper location for custom realm and principle classes? &

RE: What is the proper location for custom realm and principle classes?

> From: Page, Steve C. [mailto:[EMAIL PROTECTED] > Subject: What is the proper location for custom realm and > principle classes? The doc is pretty clear for both 5.5 and 6.0. Since you're dealing with principals, the closest model is the JAAS Realm. > If I left the classes i

What is the proper location for custom realm and principle classes?

All- I have this working, but I want to make sure I am following best practices. I created customer realm and principle classes. If I left the classes in WEB-INF/classes, I received a ClassNotFoundException on the realm class. If I put the classes in common/classes, I received a ClassNotFound

Help with custom Realm

.com/logout"; myThingieName="a.unique.name.for.something.i.Need" /> Of course, I have a pretty mbean for the realm (I'm implementing RealmBase to save me some time although I don't use 80% of RealmBase) and my custom realm comes up fine. What I haven't figured out how t

Re: Is custom realm using user/role data in webapp possible?

You can do it. But there are a few quirks. Your Realm classes have to be accessible to the server class loader. This means another layer of indirection is needed to keep all your webapp specific classes out of the common/server classloader. What we did, where: Common Classloader: An interfac

Is custom realm using user/role data in webapp possible?

As opposed to having realm read from external source like ldap or jdbc... My webapp JASM uses in-memory user/role database. I realize this isn't "ideal"...but. JASM uses simple form-like authentication hard-wired into jsp. I couldn't use basic/form because user database is stored in serialized da

Re: Custom realm extending JDBCRealm

HI!! Just solved. I was using tomcat 5.5.0. I was looking at sources of 5.5.16. I suppose that the authenticate method of 5.5.0 doesn't use getPassord method. I tried it in 5.5.16 and everything works fine Thanks for attention Alessandro On 3/24/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:

Custom realm extending JDBCRealm

Hi all! For some reasons I had to extend JDBCRealm to overwrite the method getPassword. This is myRealm: public class ManoloJDBCRealm extends JDBCRealm{ private static Log log = LogFactory.getLog(ManoloJDBCRealm.class); protected String getPassword(String username) { System.out.println("u

Problems with custom Realm and class loading (long)

Hi, I hope someone will help with this. I'm running Tomcat 5.5 on the front-end and Jboss 4.0.3 in the back end, running with Java 5. We designed our security module, so I wrote a custom Realm by extending RealmBase. I put the Realm under server/lib. The realm uses a Business Delegate, whi