Re: How to get context realm from servlet and filter.

[Michael Vorburger]

Yoav,
Re. "There's almost no conceivable good use-case for needing the actual 
Realm object in your webapp.", here is one: We receive requests from a 
dumb Windows client application (no SOAP, simple stupid proprietary XML 
format in HTTP) that sends a uid/pwd somehwere inside the POST payload, 
not even as BASIC, and so have to validate that... how would you do that?

Agree that container-specific code should be avoided inside applications 
unless absolutely necessary - and on other containers that's easy, 
because you can use the JAAS API to authenticate uid/pwd from within a 
web application, e.g. both WebLogic or WebSphere have built-in JAAS 
LoginModule implementations which "forward" to whatever they call a realm.

On Tomcat however that JAAS approach is not so far possible. See also my 
post yesterday "Authenticate against realm in web app: JAAS 
TomcatRealmProxyLoginModule? (WAS: The good way of making JAAS and Realm 
authentication use the same back-end authentication system?)".

Thanks,
Michael
PS: Thanks for code snippet, we'll see if that helps us to write a 
better TomcatRealmProxyLoginModule, taking a context name as 
configuration parameter.


Shapira, Yoav wrote:
Hi,
I've posted this a number of times in the past on the list, so you can
STFA.  To summarize, you'd do something like this (most of these classes
are in the org.apache.catalina package):
Server server = ServerFactory.getServer();
Service service = server.findService("Catalina");
Engine engine = (Engine) service.getContainer();
Host host = (Host) engine.findChild(engine.getDefaultHost());
Context context = (Context) host.findChild("myContext");
Realm realm = context.getRealm();
I'm using the default service name of "Catalina" above: it should match
what's in your server.xml.  I'm also using "myContext" as a dummy:
obviously that should match your webapp name.  And finally, I'm getting
the Realm from the context, because that's what you asked for, but in
reality the Realm (or another realm) may be associated with the Host or
Engine as well.  So take the above code and modify it to your needs.
As always, I caution you and everyone else to not use Tomcat-specific
(or container-specific in general) code unless absolutely necessary.
Make your app as portable as possible.  There's almost no conceivable
good use-case for needing the actual Realm object in your webapp.
Yoav Shapira http://www.yoavshapira.com
 

-----Original Message-----
From: Chris Forbis [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 11:02 AM
To: Tomcat Developers List
Subject: Re: How to get context realm from servlet and filter.
Quick follow-up to your post.
I understand what you are saying.  But I am not sure how to get access
to the Container, can you point me in the correct direction?
Thanks!
On Thu, 14 Oct 2004 08:43:23 -0400, Shapira, Yoav
   

<[EMAIL PROTECTED]>
 

wrote:
   

Hi,
A Realm is associated with a Container, not necessarily a Context, so
the method is appropriately placed in the Container interface, a
     

parent
 

of the Context interface.  Obviously all this is not part of the
     

Servlet
 

API, so you'll have to write Tomcat-specific code to get it.
Yoav Shapira http://www.yoavshapira.com
     

-----Original Message-----
From: Chris Forbis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 13, 2004 6:24 PM
To: tomcat-dev
Subject: How to get context realm from servlet and filter.
I am trying to get the current contexts realms from a servlet (and
maybe a filter).  I do not see a getContext().getRealm() method.  So
       

I
 

am guessing there is another way to get to this, but I do not see
       

it.
 

Can any one provide some quick direction to me on this.  Thank you!
Chris
       

---------------------------------------------------------------------
   

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
       

This e-mail, including any attachments, is a confidential business
     

communication, and may contain information that is confidential,
proprietary and/or privileged.  This e-mail is intended only for the
individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an)
   

intended
 

recipient, please immediately delete this e-mail from your computer
   

system
 

and notify the sender.  Thank you.
   


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
     

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
   



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
 


--
Michael Vorburger 
VP Engineering, Vertical*i
Tel. +41 (21) 317 57 47

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]