On Tue, 12 Nov 2002, Algirdas P. Veitas wrote:
> Date: Tue, 12 Nov 2002 16:04:36 -0700 > From: Algirdas P. Veitas <[EMAIL PROTECTED]> > Reply-To: Tomcat Developers List <[EMAIL PROTECTED]> > To: Tomcat Developers List <[EMAIL PROTECTED]> > Subject: Re: Servlet Spec interpretation FORM-based authentication > > Craig, > > Thank you for clearing this up. Here is what we are ultimately > trying to do given our requirements. > > We need to introduce the concept of a domain when authenticating users. > Meaning "jdoe" in "Domain X" is not the same user as "jdoe" in "Domain Y". > > Thus, we would like to add another input tag into the j_security_check > form so that the user can specify their respective domain. > > Given the current implementation in the FormAuthenticator, is their any way > that we can gain access to the "domain" parameter after Catalina performs > authentication while maintaining conformity to the servlet specification? > The set of fields on a form login page are defined in the servlet spec, so adding extra fields beyond j_username and j_password would break compatibility with every other servlet container. Obviously, you can make that kind of a change in your own copy of Tomcat, but it would be problematic to do things like that in the standard release. How most people deal with the issue you raise is to combine the username and the domain (in your scenario) into the j_username field of the login (perhaps with usernames like "jdoe@domainx" and "jdoe@domainy" or something like that), and disambiguate in the Realm implementation as needed. That way, you can use the standard container managed facilities and still be portable. > Thanks again, > > Al > Craig -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
