Hi everyone,
Just for my own education, I decided to write my own authentication-stuff
for tomcat 3.2.2
To that end I wrote a Request Interceptor that takes 2 parameters
called "realmProviderClass" and "setupString".
The "realmProviderClass" is the fully-qualified class name of a class which
implements
the "RealmProvider" interface which looks like the following:
public interface RealmProvider
{
public boolean authenticate(String username, String credentials) throws
Exception;
public String[] getUserRoles(String username) throws Exception;
public boolean initialize(String setupstring) throws Exception;
public void shutdown() throws Exception;
}
The "setupString" parameter is passed to the initialize method of the
RealmProvider class
during context initialization.
I thought that this might be an easy way to implement various different
authentication schemes
by delegating to a "RealmProvider". One could write a "SimpleRealmProvider"
or a "JDBCRealmProvider"
etc.
Does anyone think this might be a good idea for inclusion in tomcat?
-Mike
______________________
Mike Jennings
Southgate Software Ltd.
250-382-6851 (ph)
250-382-6800 (fax)
[EMAIL PROTECTED]
