Re: JAAS and TOMCAT 5
On 02/16/2004 07:17 PM Miller, Steve wrote: But, if anybody out there needs any help with configuring JAAS into Tomcat 5, let me know. I've integrated LDAP authentication into the process as well...works beautifully...finally. :-) I'll be happy to share my code in order to prevent others from suffering from massive manual hair folicle extraction. :-) Now to get this thing to work on my Linux box. :-) Steve Miller Steve, you could always update the tomcat docs on the jakarta website, and submit a patch. :) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JAAS and TOMCAT 5
Success!!! I went back and changed my JAVA_OPTS setting to use single quotesand it still failed. However, in my login.jsp page, I added the following line at the top: System.setProperty(java.security.auth.login.config, C:/TOMACT/conf/jaas.conf); Presto...worked beautifully. I even got the message out in the tomcat log that my login module was successful. I'm still very intrigued as to why nothing else I did worked yet setting it implicitely in my code worked. But, I'll worry about that laterI'm just glad it works now!! Thanks for all the help. :-) Steve Miller -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Saturday, February 14, 2004 8:38 AM To: Tomcat Users List Subject: Re: JAAS and TOMCAT 5 On 02/13/2004 09:34 PM Shapira, Yoav wrote: JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. I hardcode the whole path. And I set JAVA_OPTIONS to the same thing as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and TOMCAT 5
Well done. And if you want to debug it, go into your catalina.sh or .bat file and echo the whole execute string that the script uses to launch java. You'll see whether it's the JAVA_OPTS or not. I use the full path and not the envvar. On 02/16/2004 04:21 PM Miller, Steve wrote: Success!!! I went back and changed my JAVA_OPTS setting to use single quotesand it still failed. However, in my login.jsp page, I added the following line at the top: System.setProperty(java.security.auth.login.config, C:/TOMACT/conf/jaas.conf); Presto...worked beautifully. I even got the message out in the tomcat log that my login module was successful. I'm still very intrigued as to why nothing else I did worked yet setting it implicitely in my code worked. But, I'll worry about that laterI'm just glad it works now!! Thanks for all the help. :-) Steve Miller -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Saturday, February 14, 2004 8:38 AM To: Tomcat Users List Subject: Re: JAAS and TOMCAT 5 On 02/13/2004 09:34 PM Shapira, Yoav wrote: JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. I hardcode the whole path. And I set JAVA_OPTIONS to the same thing as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JAAS and TOMCAT 5
I forgot to add that I did change everything to the full path and is still failed. I know one day I'll stumble across the needle in the haystack as to why it is giving me fits. I will definitely try your debug suggestion. That option for some reason never crossed my mind. But at least now I can continue on with the project. :-) I should also point out to anybody that wants to implement JAAS into Tomcat, one problem I found submitting the login to j_security_check is that it would screw up the url for the login.jsp page by putting it under the path of the servlet directory. I had setup Tomcat security to protect the servlet acceess. For instance, my login.jsp was under the main context directory as http://localhost/context/login.jsp; but the url in the browser got set to http://localhost/context/servlet/login.jsp; This hosed me until I figured out a band aid work around by putting the following code in my login.jsp page: if(request.getRequestURL().toString().endsWith(/servlet/login.jsp)) response.sendRedirect(response.encodeRedirectURL(../login.jsp)); It's not a solution though, but I could never find any info out there on how to fix this problem or more importantly what is the cause. But, if anybody out there needs any help with configuring JAAS into Tomcat 5, let me know. I've integrated LDAP authentication into the process as well...works beautifully...finally. :-) I'll be happy to share my code in order to prevent others from suffering from massive manual hair folicle extraction. :-) Now to get this thing to work on my Linux box. :-) Steve Miller -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, February 16, 2004 11:04 AM To: Tomcat Users List Subject: Re: JAAS and TOMCAT 5 Well done. And if you want to debug it, go into your catalina.sh or .bat file and echo the whole execute string that the script uses to launch java. You'll see whether it's the JAVA_OPTS or not. I use the full path and not the envvar. On 02/16/2004 04:21 PM Miller, Steve wrote: Success!!! I went back and changed my JAVA_OPTS setting to use single quotesand it still failed. However, in my login.jsp page, I added the following line at the top: System.setProperty(java.security.auth.login.config, C:/TOMACT/conf/jaas.conf); Presto...worked beautifully. I even got the message out in the tomcat log that my login module was successful. I'm still very intrigued as to why nothing else I did worked yet setting it implicitely in my code worked. But, I'll worry about that laterI'm just glad it works now!! Thanks for all the help. :-) Steve Miller - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and TOMCAT 5
On 02/13/2004 09:34 PM Shapira, Yoav wrote: JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. I hardcode the whole path. And I set JAVA_OPTIONS to the same thing as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS and TOMCAT 5
Greetings,
I have finally pulled the last hair out of my head on this one. I'm running
Tomcat 5 on my Windows2000 desktop (for development purposes) and trying to
get JAAS to successfully integrate with it. I have successfully run the
examples from Sun's site for the JAAS tutorial and just trying to get it to
work on Tomcat now. I'm still a bit of a newbie to JAAS, so I'm not sure if
I'm doing something wrong there or just not setting up Tomcat and/or my
windows environment correctly...which I think is the real problem here. I
have exhausted all of my research on the internet and I couldn't find
anything out there regarding JAAS and Tomcat 5..so I thought I'd try here.
Here is the error I am getting from Tomcat:
java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:95)
I'm assuming from this message that Tomcat cannot find the JAAS
configuration file. I have it stored as %CATALINA_HOME%/conf/jaas.conf.
It's code is as follows:
MeritPool {
JAAS.MyLoginModule required;
};
I have put my compiled classes for my LoginModule, UserPrincipal, and
RolePrincipal under %CATALINA_HOME%/server/classes/JAAS as well as
%CATALINA_HOME%/common/classes/JAAS.
In the java.security file under %JAVA_HOME%/jre/lib/security, I included
login.config.url.1=file:C:/TOMCAT/conf/jaas.conf.
I have set the JAVA_OPTS environement variable in both my windows
environment, catalina.sh, and catalina.bat files to:
(in catalina.sh)
JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf
(in catalina.bat) set
JAVA_OPTS=-Djava.security.auth.login.config==%CATALINA_HOME%\conf\jaas.conf
(in windows env. variable)
JAVA_OPTS=-Djava.security.auth.login.config==C:/TOMCAT/conf/jaas.conf
In the above lines, I tried it with on = as well.
I am using the Tomcat security configuration to protect one of my contexts
and to route to a login page. The login page form is submitted to
j_security_check with the code as follows:
form method=GET action='%= response.encodeURL(j_security_check) %'
table border=0 cellspacing=5
tr
th align=rightUsername:/th
td align=leftinput type=text name=j_username/td
/tr
tr
th align=rightPassword:/th
td align=leftinput type=password name=j_password/td
/tr
tr
td align=rightinput type=submit value=Log In/td
td align=leftinput type=reset/td
/tr
/table
/form
This login page works fine using MemoryRealm and authenticates beautifully.
But, when I comment that out in my server.xml file and instead use the
JAASRealm, using the login page doesn't work and Tomcat displays the error
that the login configuration cannot be located. My JAASRealm definition is:
Realm className=org.apache.catalina.realm.JAASRealm debug=3
appName=MeritPool userClassNames=JAAS.MyPrincipal
roleClassNames=JAAS.MyRolePrincipal /
Can somebody here hopefully help me replace some of my lost hair? :-) I'm
on digest mode, so bear with me if I am delayed in responding.
Thanks in advance!
Steve Miller
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JAAS and TOMCAT 5
Howdy, JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. Other than that, I can't help much right now ;( Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
