Zoran,
On 6/12/26 2:49 AM, Zoran Avtarovski wrote:
> After some more investigation I agree with your point about creating
> a custom solution where good off-the-shelf solutions already exist.
> With that in mind we are looking at Shiro and Spring Security as our
> preferred alternatives, and at the risk of starting something I'll
> regret, do you or others have experience and views on the pros and cons
> of each within a Struts and Tomcat environment?
I've got no experience with any of those... I'm still working with my
custom solution. I also use securityfilter (which is a really old and
abandoned - by me - library that hacks Tomcat's Realms to Make Stuff
Work) and I can just inject an authenticated user into an HttpSession
that securityfilter will trust thereafter.
So my custom solution works *around* Tomcat instead of with Tomcat.
Sorry.
-chris
> On 11/6/2026 1:46 am, Christopher Schultz wrote:
>> Zoran,
>> On 6/8/26 8:23 PM, Zoran Avtarovski wrote:
>>> Hi Guys,
>>> We now have the need to support Entra ID integration in our Tomcat
>>> hosted apps. We currently use Tomcat's container-managed-security
>>> (JAAS) and we want to keep this active as well as integrating with
>>> Entra ID. The easiest approach to us was to find/create a realm to
>>> bridge Tomcat's container-managed-security to Entra ID. We haven't
>>> been able to find anything as yet and were wondering if anyone had
>>> any advice on past experiences or which approach to take.
>>> Any assistance would be appreciated.
>> Do you have a preference for SAML or OIDC? Do you need to support
>> service-provider-initiated login, or only identity-provider-initiated
>> login?
>> Both of these are "easy" to implement for some definition of "easy". I
>> rolled my own single-legged SAML for my application and, looking back
>> on it, it was probably a mistake (mostly because it was a rathole).
>> I think there are some libraries out there that you might be able to
>> integrate into your application to take care of this for you, but they
>> probably won't integrate with Tomcat's realms.
>> -chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]