On 6/16/2010 10:58 AM, Marc Boorshtein wrote: ...
That being said, the sequence of events should be: 1. Web server authenticates the user (works) 2. Pass the context to Tomcat (works) 3. Tomcat calls the realm to retrieve the user information and set the context (doesn't presently occur) #3 appears to be the issue. Authenticaiton and Authorization should be separate steps entirely in order to satisfy the J2EE contract in an enterprise environment (which often involves WAMs). So it doesn't sound like there is a configuration way to handle this. I think I'll try hacking around to see if I can solve this with some kind of custom Realm.
Keep in mind that Tomcat is not a full j2ee server; it's a "servlet container", so may not meet some of the requirements you have for your app if they are part of higher-level j2ee specs.
D --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
