You can do it. But there are a few quirks.

Your Realm classes have to be accessible to the server class loader. This means another layer of indirection is needed to keep all your webapp specific classes out of the common/server classloader.

What we did, where:

Common Classloader:
An interface redefining the authentication mechanism.
A wrapper class (let's call it AWC) with get/set methods for the above interface.

Server Classloader:
Realm class. All this does is look up the AWC via JNDI to perform auth.

Webapp:
The wrapper class is published via JNDI (set up in context.xml).
On startup (ContextListener) looks up the AWC via JNDI and sets an implementation of the authentication mechanism for your webapp. On shutdown clean up the authenticator in the AWC (allows WebappClassloader to be garbage collected).


HTH,

Jon

Mike Klein wrote:
As opposed to having realm read from external source like ldap or jdbc...

My webapp JASM uses in-memory user/role database. I realize this isn't
"ideal"...but.

JASM uses simple form-like authentication hard-wired into jsp. I
couldn't use basic/form because user database is stored in serialized
data in webapp.

Well...now that I've got an Axis camera which can report via http...but it
attempts Basic authentication and JASM uses hard form.

I could have JASM read Basic auth header from camera...but I'd rather
have realm specific to webapp.

Problem is...realm classes assume OUTSIDE of webapp (jndi, jdbc,
etc.)...no way to tap into serialized data stored in webapp.

Does this sound correct?

Until I store user/role information for JASM in external db (which I
need to do anyways)...I guess I'm stuck just picking off Basic auth header.

Only disadvantage of not using tomcat realms is I cannot use
"isUserInRole"/etc. methods...but no big deal I guess.



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
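
The layering described in the reply above, as an added plain-JDK sketch (not code from this thread or from Tomcat). All class names are hypothetical; `DelegatingRealm` stands in for the Realm subclass, the JNDI lookup is replaced by a direct reference, and the user data is constructed.

```java
import java.util.Map;
import java.util.Set;

// Common classloader: the contract shared by the Realm and the webapp.
interface WebappAuthenticator {
    /** Returns the user's roles, or null when the credentials are rejected. */
    Set<String> authenticate(String user, String password);
}

// Common classloader: the wrapper ("AWC") the webapp publishes via JNDI.
final class AuthWrapper {
    private volatile WebappAuthenticator delegate;
    public WebappAuthenticator getAuthenticator() { return delegate; }
    public void setAuthenticator(WebappAuthenticator a) { delegate = a; }
}

// Server classloader: stand-in for the Realm's authenticate step.
final class DelegatingRealm {
    private final AuthWrapper awc; // assumption: in Tomcat this comes from a JNDI lookup
    DelegatingRealm(AuthWrapper awc) { this.awc = awc; }

    Set<String> authenticate(String user, String password) {
        WebappAuthenticator a = awc.getAuthenticator();
        // Fail closed: with no webapp implementation registered, nobody gets in.
        return a == null ? null : a.authenticate(user, password);
    }
}

public class RealmIndirectionDemo {
    public static void main(String[] args) {
        AuthWrapper awc = new AuthWrapper();
        DelegatingRealm realm = new DelegatingRealm(awc);

        // Webapp startup (ContextListener): register the in-memory user/role data.
        Map<String, String> passwords = Map.of("camera", "constructed-secret");
        Map<String, Set<String>> roles = Map.of("camera", Set.of("reporter"));
        awc.setAuthenticator((u, p) ->
            u != null && p != null && p.equals(passwords.get(u)) ? roles.get(u) : null);

        System.out.println("valid login:    " + realm.authenticate("camera", "constructed-secret"));
        System.out.println("wrong password: " + realm.authenticate("camera", "wrong"));

        // Webapp shutdown: drop the reference so the WebappClassloader can be collected.
        awc.setAuthenticator(null);
        System.out.println("after shutdown: " + realm.authenticate("camera", "constructed-secret"));
    }
}
```

The realm side holds no webapp classes, only the shared interface, so clearing the wrapper on shutdown both releases the webapp's classloader and makes every later login attempt fail until the webapp registers again.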



