Re: another problem with JAAS

[mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 12:51 PM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Alan, That's correct, I overwrite the subject. Michiel Alan Weissman wrote: Hey Michiel - How did you overwrite Tomcat's Subject in the Session with your own? Thanks

Re: another problem with JAAS

Michiel Toneman wrote: Hi Beloglazov, I was running into the same problem. As far as I can tell (anyone on the list, please correct me if I'm wrong), Tomcat primarily uses JAAS for authentication, but it is pretty useless for authorisation. I have no idea why the JAASRealm goes to all the

Re: another problem with JAAS

but how? :) What is the key that you use in the session? -Original Message- From: Michiel Toneman [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 12:51 PM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Alan, That's correct, I overwrite the subject. Michiel Alan

another problem with JAAS

Hello, I've written a JAAS LoginModule and my web application successfully authorizes with it. But! While the authorization is successful, Tomcat does not recognize user Principals and roles which I assign in login module and returns that I have logged as a *null* user with no roles assigned

Re: another problem with JAAS

Hi Beloglazov, I was running into the same problem. As far as I can tell (anyone on the list, please correct me if I'm wrong), Tomcat primarily uses JAAS for authentication, but it is pretty useless for authorisation. I have no idea why the JAASRealm goes to all the trouble of setting up a

Re: another problem with JAAS

Hello, strange error! I have looked inside the JAASRealm code and can't find a error. Subject result: You must have as your subject one Principal (java.security.Principa) for real user Than you can have one or more Group Principals with Name =Roles from class java.security.acl.Group

RE: another problem with JAAS

Hey Michiel - How did you overwrite Tomcat's Subject in the Session with your own? Thanks, Alan -Original Message- From: Michiel Toneman [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 9:51 AM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Beloglazov, I

Re: another problem with JAAS

To: Tomcat Users List Subject: Re: another problem with JAAS Hi Beloglazov, I was running into the same problem. As far as I can tell (anyone on the list, please correct me if I'm wrong), Tomcat primarily uses JAAS for authentication, but it is pretty useless for authorisation. I have no idea

RE: another problem with JAAS

Yes but how? :) What is the key that you use in the session? -Original Message- From: Michiel Toneman [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 12:51 PM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Alan, That's correct, I overwrite the subject

Re: another problem with JAAS

The servlet container spec from Sun doesn't specify any integration requirements for JAAS. The JAAS support is basically fledgeling authentication, and that's it for servlet spec 2.4 - I would be interested myself in seeing the discussions and motivations behind the progress and changes on the