tomcat - HypothermicRealm RequestInterceptor
rbrindl Sep 7, 2001 7:34 PMI hope this is the correct forum for my question,
I have been using the HypothermicRealm Request-Inteceptor for tomcat to authenticate users logging in into tomcat.It worked very well up to JBoss Version 2.2.2.
now I upgraded to 2.4 and get the following Exception when a user tries to log in:
java.lang.NoClassDefFoundError: org/jboss/security/auth/UsernamePasswordHandler
at com.hypothermic.security.HypothermicRealm.authenticate(HypothermicRealm.java:107)
at org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:852)
at org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341)
at com.hypothermic.security.HypothermicRealm.authorize(HypothermicRealm.java:147)
at org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:870)
at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:804)
at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
at org.apache.tomcat.service.connector.Ajp13ConnectionHandler.processConnection(Ajp13ConnectionHandler.java:160)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
It is obvious to me, that this happens because of a change in the internal structure of JBoss (which i am not quite familiar with).
So I tried the standard JBossSecurityMgrRealm request interceptor.
The problem is, that if i log in for example with a wrong password, I get the appropriate messages in the JBoss-console, but tomcat doesnt recognise the login failure and continues with the secured JSPs.
What I found quite convenient about HypothermicReal was, that JBoss did the authentication via its JDBC-authentication and gave the results back to tomcat immediately, without going through any application code.So I didn't have to care about any user-authentication.
The possibilities I see are:
1.) patch for HypothermicRealm to make it work with 2.4
2.) configure JBossSecurityMgrRealm in a way so that it works in a similar way to HypothermicRealm
3.) put in application logic to redirect the request back to the login- or a login-failure page
4.) some other alternatives
Please Help