I wish I was a bit more thorough in the first run, sorry about that. My question is
more of "How do I implement JAAS in Tomcat?" I know this is a broad question so let's
break it down.
1. How do I configure Tomcat so that it uses JAAS?
2. What configuration files (Java Security & Tomcat) do I need to accomplish question
#1?
3. Programmatically, I believe I have to extend
org.apache.catalina.realm.JAASMemoryLoginModule but how does Tomcat validate users
using JAASRealm?
For #1 the following:
// server.xml
<Realm className="org.apache.catalina.realm.JAASRealm" debug="99"
       appName="JAASPolicy"
       userClassNames="java.security.Principal"
       roleClassNames="java.security.Principal"/>
For #2 the following:
// jaas.config
JAASPolicy
{
cdmanager.security.tomcat.JAASLoginModule required debug=true;
};
// jaas.policy
grant codeBase "file:${catalina.home}/webapps/cdmanager/WEB-INF/classes/-" {
    permission java.util.PropertyPermission "java.security.auth.login.config", "read";
    permission java.util.PropertyPermission "java.security.auth.policy", "read";
    permission javax.security.auth.AuthPermission "createLoginContext";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
};
For #3 the following:
// JAASLoginModule
public class JAASLoginModule extends org.apache.catalina.realm.JAASMemoryLoginModule {
    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    <snip>
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
<snip>
// ContainerAuthentication.java
<snip>
cdmanager.security.tomcat.JAASLoginCallbackHandler handler =
    new cdmanager.security.tomcat.JAASLoginCallbackHandler(request);
loginContext = new LoginContext("JAASPolicy",
    new cdmanager.security.tomcat.JAASLoginCallbackHandler(request));
loginContext = new LoginContext("JAASPolicy", handler);
loginContext.login(); // EXCEPTION HERE
<snip>
"Shapira, Yoav" <[EMAIL PROTECTED]> wrote:
Howdy,
Oh boy... See intermixed.
>I've used this code in Weblogic 6.X without any problem. If
>this could be done in Weblogic, then there is NO reason why we can't do
>it
Of course there is. Tomcat's configuration is different than Weblogic's
configuration. Weblogic provides a superset of the servlet
specification, not to mention a complete J2EE container. Unless "this
code", "this", and "it" in the above sentence relate directly to the
servlet specification, v2.3, the above is false.
>Can anyone tell me what am I doing wrong? Or perhaps point me in the
>right direction.
Read the JAASRealm JavaDoc for starters:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/index.html
Actually look at the example JAASRealm to see what attributes it takes.
Don't just assume it takes the same attribute names as the weblogic
equivalent.
> debug="99"
> loginContext="JAASPolicy"
> callbackHandler="cdmanager.security.tomcat.JAASLoginCallbackHandler"/>
This is meaningless as these are not the attributes expected by
JAASRealm.
>// ContainerAuthentication.java
This is irrelevant as the JAASRealm is not configured correctly.
Yoav Shapira