Source: http://www.laj.ca/projects/PrincipalAuthenticator/doc/uml/

Tomcat Authentication and Authorization Sequences

Starting from the base Tomcat Authentication Sequence (using JAAS), you can see the changes made by both JBoss and the IIS Connector. The important part is the ISAPI Connector DLL Sequence: because the DLL injects a Principal into the request for Tomcat, all of Tomcat's regular authenticator valves fail to authorize the user. This is because, by default, they check whether a Principal already exists in the session and return if it does.

The Tomcat IIS Authenticator Sequence shows how the Tomcat IIS Authenticator Valve makes Tomcat continue with authentication and authorization. Authentication is 'checked' by verifying that the NTLM-provided Principal is not null. Authorization is performed by passing the Principal to the security realm, which can then populate the user's Principal with the roles the user is granted, based on the implementation of the realm.

JBoss will now be able to use any LoginModule to populate the user's roles, since its security realm (registered in Tomcat) will now be called.
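
The difference between the two sequences, as an added sketch that is not code from the PrincipalAuthenticator project or from Tomcat: `Request`, `Realm`, `RolePrincipal` and both authenticator methods are hypothetical stand-ins for the container's classes, and the user name and role are constructed sample values.

```java
import java.security.Principal;
import java.util.Set;

public class ValveSequenceDemo {
    // Hypothetical stand-ins for the container's classes (not Tomcat's API). Needs Java 16+.
    record RolePrincipal(String name, Set<String> roles) implements Principal {
        public String getName() { return name; }
    }
    interface Realm { Set<String> rolesFor(String user); }
    static class Request {
        Principal principal;   // set by the connector before any valve runs
        Request(Principal p) { principal = p; }
    }

    // Default valve behaviour: an existing Principal makes the valve return
    // at once, so the realm is never asked for the user's roles.
    static boolean stockAuthenticator(Request req, Realm realm) {
        if (req.principal != null) return true;
        return false;   // a real valve would challenge for credentials here
    }

    // IIS authenticator valve behaviour: a non-null Principal counts as
    // authenticated, then the realm supplies the roles used for authorization.
    static boolean iisAuthenticator(Request req, Realm realm) {
        if (req.principal == null) return false;   // connector supplied no user
        String user = req.principal.getName();
        req.principal = new RolePrincipal(user, realm.rolesFor(user));
        return true;
    }

    static boolean isUserInRole(Request req, String role) {
        return req.principal instanceof RolePrincipal rp && rp.roles().contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample realm: one user with one role.
        Realm realm = u -> u.equals("CORP\\alice") ? Set.of("admin") : Set.<String>of();
        Principal injected = new RolePrincipal("CORP\\alice", Set.of());

        Request viaStock = new Request(injected);
        stockAuthenticator(viaStock, realm);
        System.out.println("stock valve, admin role: " + isUserInRole(viaStock, "admin"));

        Request viaIis = new Request(injected);
        iisAuthenticator(viaIis, realm);
        System.out.println("IIS valve, admin role:   " + isUserInRole(viaIis, "admin"));

        System.out.println("no Principal accepted:   " + iisAuthenticator(new Request(null), realm));
    }
}
```

Because the null check is the whole of authentication in this sequence, the valve is only as trustworthy as the connector that sets the Principal.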

 

Posted by Tornado tornado