Introduction
JAASRealm is an implementation of the Tomcat 4 Realm interface that authenticates users through the Java Authentication & Authorization Service (JAAS) framework, a Java package that is available as an optional package in Java 2 SDK 1.3 and is fully integrated as of SDK 1.4.
Using JAASRealm gives the developer the ability to combine practically any conceivable security realm with Tomcat's CMA.
JAASRealm is a prototype for Tomcat of the proposed JAAS-based J2EE authentication framework for J2EE v1.4, based on JCP Specification Request 196, which aims to enhance container-managed security and promote 'pluggable' authentication mechanisms whose implementations would be container-independent.
Based on the JAAS login module and principal (see javax.security.auth.spi.LoginModule and java.security.Principal), you can develop your own security mechanism or wrap another third-party mechanism for integration with the CMA as implemented by Tomcat.
Quick Start
To set up Tomcat to use JAASRealm with your own JAAS login module, you will need to follow these steps:
- Write your own LoginModule, User and Role classes based on JAAS (see the JAAS Authentication Tutorial and the JAAS Login Module Developer's Guide) to be managed by the JAAS Login Context (javax.security.auth.login.LoginContext). When developing your LoginModule, note that JAASRealm's built-in CallbackHandler only recognizes the NameCallback and Passwor