container-auth vs servlet-auth role-checking?

M

Mark Chai

dear all,

has anyone managed to set the user Principal in a http session using
servlet-authentication? this is easy to do for container-based auth, but
it's not flexible enough for a custom authentication and authorization
module I'm creating.

the only problem is that I cannot set a Principal into the http session and
thus cannot use the typical code for checking role authorization, i.e.
isUserInRole() for Resin or hasRole() functions in Tomcat?

TIA,
Mark
m.chai(at)ieee.org
 
C

Christophe Vanfleteren

Mark said:
dear all,

has anyone managed to set the user Principal in a http session using
servlet-authentication? this is easy to do for container-based auth, but
it's not flexible enough for a custom authentication and authorization
module I'm creating.

the only problem is that I cannot set a Principal into the http session
and thus cannot use the typical code for checking role authorization, i.e.
isUserInRole() for Resin or hasRole() functions in Tomcat?

TIA,
Mark
m.chai(at)ieee.org

no, programmatic login unfortunately doesn't work with tomcat.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top