Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...It's fun to see others going through the same stuff I did and be able to help. It's also a way for me to stay sharp and not lose the stuff I've learned..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > Programmers > EAI Distributed/Component Programming > Java J2EE Forum

JAAS and Tomcat

thread197-1434684
Read More Threads Like This One
Erikxxx (Programmer)
12 Dec 07 18:35
Hi,

I've playing around with JAAS and Tomcat 5.5 for a little while and got a simple login mechanism working using Tomcat JAASRealm and my own implementation of LoginModule together with protected resources specified in web.xml. I'm now trying a slightly different approach where I have created a servlet that will create a LoginContext and call the login() method of the JAAS module. In my servlet I do something like this:

LoginContext lc = null;
try {
lc = new LoginContext("TomcatTimedLogin", new MyCallBackHandler(user,pass));
lc.login();
}catch(Exception e){}

My question is, does this approach totally bypass Tomcat's container based security mechanism? For example, Once successfully authenticated (login() returns the correct SUbject) I cannot longer access my web pages that are protected (configured in web.xml). Also, calling getRemoteUser() returns null. How can I make sure Tomcat knows when a successfull authentication has been done?

Does this mean that if I want to take this  approach I can't make use of protected resources in web.xml?


Thanks
E
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Java J2EE

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close