Assuming that your Realm is really an o.a.c.Realm, then all you need is to
write an Authenticator to work with your Realm. Something like:
public class MyAuthenticator extends
org.apache.catalina.authenticator.AuthenticatorBase {
public boolean authenticate(Request request, Response response
LoginConfig config)
throws IOException {
MyRealm realm = (MyRealm)context.getRealm();
Principal principal = realm.authenticate(request);
if(principal == null) {
response.sendError(401, "Not Authorized");
return false;
}
return true;
}
}
Package it in a jar in server/lib, and then in your context.xml do something
like:
<Context>
<Valve className="com.myfirm.mypackage.MyAuthenticator" />
<Realm className="com.myfirm.mypackage.MyRealm" />
</Context>
"Kenny, Robert" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Our users don't currently logon to our Tomcat servers directly; they are
redirected to the Tomcat servers with their encrypted credentials (a
security token). Our Tomcat Database Realm then seamlessly
re-authenticates the user on the Tomcat server.
We currently don't use Tomcat's container management for this but would
like to but we need a way to logon to a Tomcat server instance
seamlessly using the security credentials provided on the URL. We
currently call servlets that then call the Database Realm directly.
Is there a way to configure Tomcat so that when a protected resource is
accessed it will attempt to authenticate the user to the container from
the remote/custom Security Credentials in the URL before prompting the
user for their Security Credentials ('j_security_check' logon page)?
Thanks,
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
