Hi everybody!
I hope someone can help; I'm really lost and I need to solve this as soon as possible...

First of all, I would like to know if it is possible with Tomcat to have different Realms depending on the application... for instance, to have the default Realm for access to the Tomcat Admin console and another one to authenticate users who want to access another web application inside the same Tomcat server, but this time with a custom Realm. Is it possible?

Anyway, I have managed to implement my own custom Realm, although it really doesn't do anything interesting at the moment. The authentication code I'm using is shown below:

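    import java.security.Principal;
    import java.util.ArrayList;
    import org.apache.catalina.realm.GenericPrincipal;
    // Test stub: accepts any username/credentials and grants everyone the "admin" role.
    public Principal authenticate(String username, String credentials) {
        ArrayList<String> roles = new ArrayList<String>();
        roles.add("admin");
        return new GenericPrincipal(this, username, credentials, roles);
    }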

This allows me to authenticate everybody fine and run some useful tests to try to understand what's going on, but it's not enough for me and I need more help...

What I intend is to authenticate the user (with user and password) against an EJB. If the EJB accepts the user, I suppose I have to create a valid Principal with a valid role list, but I don't understand this step. Is it possible to return a Principal without any role? And, of course, to allow him access to the web application?

The second and most important question is:
I need to set a session attribute that my EJB client gives me, but I don't know how I can get the current user session. I suppose that the session doesn't exist at this moment, does it? But is there a way I can do anything similar? I need, once the user is logged in, to use this attribute.

My best regards in advance!
I'm looking forward to hearing from you!

Ivan Fontanals


               



