Hola,

>Re. "There's almost no conceivable good use-case for needing the actual
>Realm object in your webapp.", here is one: We receive requests from a
>dumb Windows client application (no SOAP, simple stupid proprietary XML
>format in HTTP) that sends a uid/pwd somewhere inside the POST payload,
>not even as BASIC, and so have to validate that... how would you do that?

Yeah, that's why I said "almost." ;) There's always someone somewhere with a legacy app with a proprietary protocol, and in those cases one usually must take extra measures. Yours seems like such a case. I'm well aware that it's impossible for any one person to preclude the existence of any use-case given Tomcat's amazingly wide user base, and that's why I included the "almost" in my assertion that you quote above ;)

Of course, depending on the amount of control you have, and/or your requirements, one might argue that your time is better spent modifying the Windows client app to use a standard authentication approach. But that's beyond the scope of this thread or this mailing list in general.

>On Tomcat however that JAAS approach is not so far possible. See also my
>post yesterday "Authenticate against realm in web app: JAAS
>TomcatRealmProxyLoginModule? (WAS: The good way of making JAAS and Realm
>authentication use the same back-end authentication system?)".

I didn't follow your thread yesterday. But if you end up writing such a module, I'd be very interested in seeing it, and of course with your permission incorporating it into Tomcat.

Yoav