Emsley, I (Iain) wrote: >> I'm trying to implement a JDBC realm to compare a cookie against a >> database to authenticate an identity but my current application falls
>> over trying to get a password where one doesn't exist (they are >> checked earlier on in the cycle in another section of the programme). >JDBCRealm (and DataSourceRealm) expect a username and password, and they're provided by an Authenticator >>configured elsewhere (e.g. >FormAuthenticator). I thought so >> Is there a way of overriding the getPassword which the Realm appears >> to want or am I best off trying to put a custom realm together? >Maybe you could start over, and elaborate a little on what you're trying to achieve? As you surmise, essentially a "remember me". I'm trying to authenticate a user from name derived from a SOAP filter and then to see if they are associated with any of our groups and then to allow access based on group membership which is worked out from a database of names, groups and roles which is periodically updated. >If you're attempting a 'remember me' type facility, for example, then you should look into SecurityFilter, >which does this and a few other things rather well, and will save you writing and security testing your >>>own authentication code. Thanks for the pointer to SecurityFilter, it looks like what I really need. Iain --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
