I'm heading to the airport w/in the next hour to embark upon Raible Road Trip #8. My dad is meeting me in San Diego tonight and we're picking up my new bus tomorrow morning. From there, we're going to pick up a few supplies, get the oil changed and head out on the road. I'm taking our digital camera so I'll try to take lots of pictures. We have ideas for the route (maybe through Flagstaff?), but nothing is for sure. Our main goal is to avoid the heat since the bus has an aircooled engine. Our secondary goal is to make it back to Denver by Tuesday so my Dad can catch his flight back to Oregon. A side effect of all of this will be some good memories and hopefully a good story or two.
Want to use JAAS with Tomcat? If so, you might want to checkout this Using Tomcat with JAAS tutorial.
Although it is possible to use JAAS within Tomcat as an
authentication mechanism (JAASRealm), the flexibility of the JAAS
framework is lost once the user is authenticated. This is because the
principals are used to denote the concepts of "user" and "role", and
are no longer available in the security context in which the webapp is
executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole().
This reduces the JAAS framework for authorization purposes to a
simple user/role system that loses its connection with the Java
Security Policy. This tutorial's purpose is to put a full-blown JAAS
authorisation implementation in place, using a few tricks to deal with
some of Tomcat's idiosyncrasies.
request.isUserInRole() usually does everything I need. If I need something more than that, it's usually pretty easy to add some custom logic. Of course, if I ever need anything super robust, I'll probably use the Acegi Security System for Spring.