The Artima Developer Community
Sponsored Link

Java Buzz Forum
Using JAAS with Tomcat

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Matt Raible

Posts: 422
Nickname: mraible
Registered: Jul, 2003

Matt Raible is a J2EE Consultant in Denver, Colorado.
Using JAAS with Tomcat Posted: Jun 3, 2004 9:51 AM
Reply to this message Reply

This post originated from an RSS feed registered with Java Buzz by Matt Raible.
Original Post: Using JAAS with Tomcat
Feed Title: Raible Designs ~ We Build Web Apps
Feed URL: http://static.raibledesigns.com/500.html
Feed Description: Opinions and tips on how to build web applications using Java. Currently using Hibernate, Struts, XHTML, CSS, Ant, JUnit and XDoclet.
Latest Java Buzz Posts
Latest Java Buzz Posts by Matt Raible
Latest Posts From Raible Designs ~ We Build Web Apps

Advertisement
Want to use JAAS with Tomcat? If so, you might want to checkout this Using Tomcat with JAAS tutorial.

Although it is possible to use JAAS within Tomcat as an authentication mechanism (JAASRealm), the flexibility of the JAAS framework is lost once the user is authenticated. This is because the principals are used to denote the concepts of "user" and "role", and are no longer available in the security context in which the webapp is executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole().

This reduces the JAAS framework for authorization purposes to a simple user/role system that loses its connection with the Java Security Policy. This tutorial's purpose is to put a full-blown JAAS authorisation implementation in place, using a few tricks to deal with some of Tomcat's idiosyncrasies.

Personally, request.isUserInRole() usually does everything I need. If I need something more than that, it's usually pretty easy to add some custom logic. Of course, if I ever need anything super robust, I'll probably use the Acegi Security System for Spring.

Read: Using JAAS with Tomcat

Topic: And Linux is your psychotic ex- Previous Topic   Next Topic Topic: The Service Garden

Sponsored Links



Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use