I am using JBoss and I am trying to change the default caching behavior for username/passwords. I would like to force each session to reauthenticate.

The first time the user logs in, my login module is called and it goes through login & commit as expected. The user's credentials are cached. The second time the user logs in (the user has not logged out from the first login but logs in using a different browser or a different machine), the cached credentials are used. I believe that a subclass of org.apache.catalina.realm.RealmBase is where the credentials are stored, but I can't determine which subclass is used and how or where to specify a custom class that overrides the RealmBase.authenticate method. I am using form-based login and see that org.apache.catalina.authenticator.FormAuthenticator is called. Where are all the default classes that are instantiated specified?

The server.xml snippet specifying the Realm is:
<Server>
  <!-- Use a custom version of StandardService that allows the
       connectors to be started independent of the normal lifecycle
       start to allow web apps to be deployed before starting the
       connectors.
  -->
  <Service className="org.jboss.web.tomcat.tc5.StandardService" name="jboss.web" debug="99">
      <!-- A HTTP/1.1 Connector on port 8080 -->
      <Connector acceptCount="100" address="${jboss.bind.address}"
          connectionTimeout="20000" disableUploadTimeout="true"
          enableLookups="false" maxSpareThreads="75" maxThreads="150"
          minSpareThreads="25" port="8080" redirectPort="8443"/>
      <!-- A AJP 1.3 Connector on port 8009 -->
      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
      <Connector address="${jboss.bind.address}" clientAuth="false"
          keystoreFile="${jboss.server.home.dir}/conf/tavve.keystore"
          keystorePass="38828tavve57" maxSpareThreads="15"
          maxThreads="100" minSpareThreads="5" port="8443"
          scheme="https" secure="true" sslProtocol="TLS"/>
      <Engine defaultHost="localhost" name="jboss.web" debug="99">
          <Realm certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
              className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" debug="99"/>
          <Logger category="org.jboss.web.localhost.Engine"
              className="org.jboss.web.tomcat.Log4jLogger" verbosityLevel="WARNING"/>
          <Host autoDeploy="false" deployOnStartup="false"
              deployXML="false" name="localhost">

              <!-- Default context parameters -->
              <DefaultContext cookies="true" crossContext="true" override="true"/>
          </Host>
      </Engine>
  </Service>
</Server>


Thanks,
Elise

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org