Tomcat provides a JAASRealm for this. So the first step is to configure
the webapp context to use it. Realms can be defined at any container
level (i.e. nested inside Engine, Host and Context). So find an
appropriate spot for your application and drop in the following
JAAS configures itself using a configuration provider. The default jaas
configuration provider attempts to locate its configuration file by
looking at - among other things - the java.security.auth.login.config
system property. In Tomcat you can pass this information by setting the
CATALINA_OPTS environment variable:
The jaas.config file lists one or more login module configurations. In
order to use SlideLoginModule the following configuration should
// sample login config file for the Jetty SlideLoginModule
Place it in $CATALINA_HOME/conf/jaas.config or wherever you said it
would be in the previous step.
Notice that this login module is named 'slide_login', this is the name
that must be referenced by the appName attribute in the JAASRealm
configuration above. The namespace property names the namespace the
LoginModule will load users from. If not present the default namespace
will be used as defined in slide's domain configuration file.
Last step is - if you hadn't done it already - to configure
security-constraints in web.xml of you application.
That should be it. Note that there is no need to go juggling about with
putting jars in different places where catalina system classloaders can
find it. (I remember having to move around a lot of jars when
configuring the SlideRealm before.) Just dropping the slide.war and
configuring the Realm appears to be enough.
You can find more information about JAASRealm in the Realm documentation
page for Tomcat 5.