Is there another commonly used (perhaps not distib'd with tomcat)
implementation of Realm that allows a more programmatic type of
authentication?
I know that a couple other servers provide something like a
boolean <ServerName>.authenticate(String user, String pass), which
checks against the predefined (web.xml) datasources (allowing
pre-processing of form submitted username/password, such as username
aliases or cross-lookup against email address, etc)..
or
void <ServerName>.login(String user), which takes only the Principal and
implicitly logs that person in (leaving the password or id validation
logic to the implementor, an example being X509 client authentication
which can have widely varied rules for when to accept a cert):
if (CertValidator.validate(userCert))
{
Principal userPrincipal = CertValidator.getUserPrincipal(userCert);
TomcatReam.login(userPrincipal);
}
Just wondering if there's something already built for tomcat.. The
latter example is preferable (for me) since it's more abstract and
doesn't require the server built-in user databases.
Also, does anyone know of a JCP, etc proposal to define a
server-interface that supports something like either of these two?
Thanks very much for any suggestions,
ken
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
