Hi all,
I am able to access the current context's org.apache.catalina.Realm
object using Yoav Shapira's Tomcat-Realm example; however, when I call
Realm.authenticate(String user, String pass), the Principal object that
it returns is not being registered with the session (subsequent requests
have a null Principal)..
Apparently this is because that method is normally invoked by
AuthenticatorBase, which handles the registering of Principal with
Session. However I can't find a way to get the Authenticator object.
Moreover, AuthenticatorBase's register(req, res, login) method is
protected which also complicates things slightly (given that the impl
must be cast-to or reflection used)
My question is, what is the most straight-forward way to authenticate
(using one or both of (String user, String pwd) or (X509Certificate
cert)) and then register the Principal, using the currently defined
Realm/Authenticator?
Also, is there any facility to implicitly login a user using only a void
doLogin(Principal p)? This would allow me to completely abstract the
authentication process and rules (especially into schemes that don't fit
Realm's interface definition), and without having to extend Realm or
Authenticator.
Thank,
ken
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
