출처 : http://www.laj.ca/projects/PrincipalAuthenticator/doc/uml/
Tomcat Authentication and Authorization Sequences
From the base Tomcat Authentication Sequence (using JAAS you can see the changes made by both JBoss and the IIS Connector. The important bit to note here is on the ISAPI Connector DLL Sequence. Due to the dll injecting a Principal into the request for Tomcat, all of Tomcat's regular authenticator valves fail to authorize the user. This is because, by default, they check to see if a Principal already exists in the session and return if it does.
The Tomcat IIS Authenticator Sequence shows how using the Tomcat IIS Authenticator Valve makes tomcat continue the authentication and authorization. Authentication is 'checked' by verifying that the NTLM provided Principal is not-null. Authorization is performed by passing the Principal to the Security Realm. The security realm can then populate the user's Principal with the Role's the user is granted base on the implementation of the Realm.
JBoss will now be able to use any LoginModule to populate the user's roles since it's security realm (registered in Tomcat) will now be called.
-
TomcatAuthenticationSequence
This is how tomcat's JAAS normally works.
-
JBossAuthenticationSequence
JBoss registers it's own JAASRealm with Tomcat on startup.
-
ISAPIConnector_DLL_Sequence
Note how the security realm is skipped by the Authenticator.
-
TomcatIISAuthenticatorSequence
Now the cycle is complete again.
'JAVA > WAS' 카테고리의 다른 글
| [펌] Lambda Probe 톰캣 모니터링툴 ^^ 멋진놈이다. (2) | 2007.04.06 |
|---|---|
| 아파치 + 톰캣 연동후 8009 커넥터 조정 (0) | 2007.02.22 |
| PermGen Space (0) | 2007.02.13 |
| 아파치 튜닝 정리 (0) | 2007.01.19 |
| [펌]아파치 + 톰캣 연동 (0) | 2006.09.25 |