That's the job of the webapp :) All i see in my point of view is a user / pass checking method to implement (for information the webapp uses osuser authentification mecanism. So i have to provide an implementation of com.opensymphony.user.provider.CredentialsProvider which negociate it with tomcat. (Please note i only want to check password, i let the webapp manage the role system all by itself)
Poornachandran a écrit : > Okay, I see your point. > > But, if a user requests a secure page without logging in, how will you > find out? Are you using a Servlet Filter or something? > > Poorna > > David Delbecq wrote: > >> Hello Poornachandran, >> >> as i said webapp X manage authentification all by itself (basically >> using it's own providers, so there is now security constraint and so on >> in the web.xml, webapp does not use container managed security, and i >> have no control over this, closed source webapp), but it provides an >> extension mecanism (implement a given interface). I'd like to implement >> a simple class that just do something like >> tomcatContainer.checkCredentials(user,userprovidedpass), which will >> check those credentials against configured realm. Or, if i have no other >> choice, will instanciate the realm, configure it and use it. (I just >> hope don't need to do that, this sound awfull). >> >> So, obviously, in webapp, a request.getUserPrincipal() will always >> return null. >> >> Poornachandran a écrit : >> >> >> >>> Hi David, >>> >>> I am just wondering after your app authenticates, are you able to get >>> not-null from request.getUserPrincipal(). I understand this is how the >>> container understands that user is logged on or not. >>> >>> Poorna >>> >>> David Delbecq wrote: >>> >>> >>> >>>> Hello, >>>> >>>> I probably will have the following webapp structure to configure >>>> - webapp X manage authentification all by itself (using forms and >>>> so on) >>>> but provide a way to configure your own credential using a quite basic >>>> checkPassword(user,pass) interface. >>>> - Tomcat is able to authenticate all my users for now (connecting to a >>>> ldap-like JNDI structure) >>>> >>>> Is there a way from the webapp to call tomcat api and have it check a >>>> user/password according to configured realm? >>>> >>>> Thanks. >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
