Announcement Announcement Module
No announcement yet.
How to authenticate through Tomcat tomcat-users.xml Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to authenticate through Tomcat tomcat-users.xml

    In all Spring BlazeDS examples are users defined in spring.xml, but how to store Authentication with using users defined in Tomcat tomcat-users.xml?

  • #2
    Well, basically what you would need to look for is the Spring Security way of doing that...nothing specific to Flex there really. That said, I don't believe Spring Security provides any out-of-the-box way to authenticate against a Tomcat security Realm (which is what you're defining in tomcat-users.xml), as that fulfilling part of the Servlet specification where it is expected that the container actually handles the authentication (either BASIC or FORM based). Spring Security has support for using the container provided Principal as the source of its Authentication, but it expects the actual authentication process to have already happened. (See

    To actually authenticate against tomcat-users.xml without using the Tomcat-provided mechanisms, you need to actually program against Tomcat-internal classes, as you can see if you look at the out-of-the-box BlazeDS TomcatLoginCommand source. Again, I don't think Spring Security provides an equivalent, though I could be'd be better served asking on the Spring Security forum for a definitive answer there.

    In theory, it may be possible to make the existing TomcatLoginCommand work in conjunction with the Spring Security support, but I don't believe that would work without some additional modifications.