• Post Reply Bookmark Topic Watch Topic
  • New Topic

Custom Tomcat Authentication  RSS feed

Benjamin Hill
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Currently I'm implementing a custom authentication mechanism for Tomcat and I'd like to be able to use part custom / part container methods.

I'd like to authenticate a user myself, then use the container to perform request.isUserInRole("foo") method calls based upon the "subject" I create in the authentication phase.

After looking at the Catalina source, it seems that the container uses the current realm to authenticate a user, and creates a GenericPrincipal encapsulating the user's username, roles etc. It is then seeming added to a org.apache.catalina.Session as a "note".

I have implemented a JAAS login module etc to perform this authentication, and I am producing a Subject. I wondered is there was anything I could do to this Subject to "store" it in Tomcat to allow the container to know about it.
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!