Why do you wish to do this? Perhaps elaborating on the "exchange with the user in a front filter" bit will get you a more satisfactory answer?

Tim

-----Original Message-----
From: Chapoor Chapoor [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 20, 2006 4:34 AM
To: Tomcat Users List
Subject: Re: CMS and JAAS

Thanks Rolf, but it is not what I'm looking for.
The major difference in my structure is that I want to do authentication manually (like from a servlet/filter to call JAAS; I don't want to use basic, form, cert methods) and in some way notify the container with credentials (so the authorization can be taken over by the server).

Thank you

On 4/20/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> The JSPWiki team has done something in the same direction.
> I tested the deployment of Andrew's implementation and collected a
> checklist.
> It's not exactly what you are asking for but it could help to inspire you
> where to look for errors.
>
> http://wiki.jcrud.org/jcrud/Wiki.jsp?page=ChecklistForContainerManagedAuthentication
>
> (AAA stands for "Authentication And Authorization")
>
> Have fun
>
> Rolf
>
> > It is strange that it is so quiet about this issue.
> > I can't be the only one who gets affected, many projects must have come
> > across this.
> >
> > Thank you
> >
> >
> > On 4/18/06, Chapoor Chapoor <[EMAIL PROTECTED]> wrote:
> >>
> >> Hi,
> >>
> >> I'm stuck in a security authentication/authorization issue, which I
> >> hope you have some advice for me.
> >>
> >> In simple words, I want to use the Web container security (for
> >> authorization) together with my own JAAS implementation (for
> >> authentication).
> >>
> >> How to achieve this?
> >>
> >> I don't want to use the BASIC, FORM, CLIENT-CERT etc. auth-methods. I
> >> want to bypass these and hit my JAAS login module.
> >> The reason is that we collect user information in a different way, by an
> >> exchange with the user in a front filter.
> >>
> >> I can't get this to work, even though I have configured my
> >> login module, user, role and configured the JAASRealm in Tomcat.
> >>
> >> This is how I want to do it (in theory).
> >> 1. User enters a URL (e.g. /mycontext/cars/),
> >> 2. The SecFilter gets triggered, which ends by exchanging user
> >> information,
> >> 3. The MyLoginModule gets called with user information
> >> 4. User is looked up and gets assigned User/Role Principals.
> >> 5. Login is OK
> >> 6. Now the web container security can take place and checks in web.xml
> >> if this user is-in-role to call /cars url.
> >>
> >> I've searched the entire web but could not see any good article about
> >> this. Am I the only one who wants to bypass the auth-methods but still
> >> can provide good authentication and "standard" web-authorization?
> >>
> >> (I've seen some work-around such as:
> >> http://www.kopz.org/public/documents/tomcat/jaasintomcat.html but this
> >> is a work-around, which I don't like).
> >>
> >> Please advise,
> >>
> >> Thank you for reading, and sorry for the long email.
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]