On 18/05/2010 15:42, Neville Peter wrote:
> The authentication will take place without any user intervention. For
> example, from a request parameter or cookie value.
>
> BTW, I have just managed to get it to work by using a custom Valve that
> extends AuthenticatorBase and uses my JAAS realm. The valve adds the
> principal to the request and this in turn allows getRemoteUser() to work in
> the servlet.
>
> Is this the missing link between using JAAS and still supporting
> getRemoteUser()? Or is there a standard way of doing this?

Using a Valve will give you access to the internal model of the request, so you can set Principals etc.

I had the impression that a full JAAS implementation gave you access to the request and enabled the use of a Realm, but maybe it isn't what you need.

The SecurityFilter project might be worth a look, before you commit to rolling your own.

p

>> Why is a callbackhandler not required?
>>
>> p