Congratulations!
-* "You take people as far as they will go, not as far as you would like them to go." — Jeanette Rankin *- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jon McAlexander Sent from Proton Mail for Android. -------- Original Message -------- On Saturday, 06/13/26 at 22:01 Zoran Avtarovski <[email protected]> wrote: Thanks Chris, And thanks to those who replied privately. We had a confab with my team late in the day and after some backwards and forwards we opted to go with Spring Security. One of the key drivers in our decision was we are already using spring in our solution and one of our young devs had a working proof of concept with our app in about 2 hours. Looked quite impressive, we have a little way to go before we are production ready but it was far more straight forward than I imagined. Z. On 14/6/2026 12:33 pm, Christopher Schultz wrote: > Zoran, > > On 6/12/26 2:49 AM, Zoran Avtarovski wrote: >> After some more investigation I agree with your point about creating >> custom solution where good off the shelf solutions already exist. >> >> With that in mind we are looking at Shiro and Spring Security as our >> preferred alternatives, and at the risk of starting something I'll >> regret do you or others have experience and views on the pros and >> cons of each within a struts and tomcat environment? > > I've got no experience with any of those... I'm still working with my > custom solution. I also use securityfilter (which is a really old and > abandoned - by me - library that hacks Tomcat's Realms to Make Stuff > Work) and I can just inject an authenticated user into a HttpSession > that securityfilter will trust thereafter. > > So my custom solution works *around* Tomcat instead of with Tomcat. > > Sorry. > > -chris > >> On 11/6/2026 1:46 am, Christopher Schultz wrote: >>> Zoran, >>> >>> On 6/8/26 8:23 PM, Zoran Avtarovski wrote: >>>> Hi Guys, >>>> >>>> We now have the need to support entra ID integration in our tomcat >>>> hosted apps. We currently use tomcats container-managed-security >>>> (JAAS) and we want to keep this active as well as integrating with >>>> Entra ID. The easiest approach to us was to find/create a realm to >>>> bridge to tomcat's container-managed-security to Entra ID. We >>>> haven't been able to find anything as yet and were wondering if >>>> anyone had any advice on past experiences or which approach to take. >>>> >>>> Any assistance would be appreciated. >>> >>> Do you have a preference for SAML or OIDC? Do you need to support >>> service-provider-initiated login, or only >>> identity-provider-initiated login? >>> >>> Both of these are "easy" to implement for some definition of "easy". >>> I rolled my own single-legged SAML for my application and, looking >>> back on it, it was probably a mistake (mostly because it was a >>> rathole). >>> >>> I think there are some libraries out there that you might be able to >>> integrate into your application to take care of this for you, but >>> they probably won't integrate with Tomcat's realms. >>> >>> -chris >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
