Marvin Addison wrote:
> 
>> 2010-11-16 17:01:04,000 DEBUG
>> [org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter]
>> (http-127.0.0.1-8443-1) JBoss Web authentication failed.
> 
> That follows immediately after the programmatic JAAS login attempt, so
> it could be failing anywhere in the JAAS provider chain.  Do you have
> the entire org.jasig.cas.client package in debug?
> 
Yes, I do.

Marvin Addison wrote:
>  If so and you don't
> see debug output from org.jasig.cas.client.jaas.CasLoginModule, then
> you're not getting that far.
> 
I'm afraid that's the case. What could fail before calling the JAAS chain at
all?


Marvin Addison wrote:
> 
>> Is it possible at all to use the CasLoginModule in both EJB and web
>> layers?
> 
> Possible, but not supported out of the box.  You'll need a custom
> component that can extract the service and ticket from the CAS server
> redirect and inject them into the JAAS pipeline for username and
> password.  WebAuthenticationFilter and WebAuthentication classes
> perform this functionality in a JBoss-specific way, but it should be
> possible to do this for other JAAS providers.
> 
I'm sorry, I don't get your point. I do use JBoss, and a JBoss-specific
solution is acceptable for me. Perhaps I should state more clearly what I would
like to get. Suppose I have a security-constraint requiring a ROLE_A for
certain URLs in the web layer, and require a ROLE_B in EJB (via
@RolesAllowed) in the business layer. I would like authorization (and
authentication as well) to be carried out in both cases via a server-side JAAS
login module.

From what you have written, it follows that this is possible using
WebAuthentication(Filter) in JBoss, and actually it should be working now, as
I use the classes you mention. On the other hand, it turns out that the web
layer gives me a 403 immediately (probably due to the lack of a login-config, as
we agreed), which prevents the filters from kicking in.

Perhaps I should give myself a break (after I solve the "Web authentication
failed" issue) and set up a dual and a bit redundant config: protect the web
layer of the enterprise app as if it was a plain servlet and EJBs via JAAS
independently, but pointing to the same CAS server?

Anyways, thank you for your time, best regards, Maciek
-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/Problems-with-CAS-ifying-a-JEE-application-using-JAAS-tp3044438p3046343.html
Sent from the CAS Users mailing list archive at Nabble.com.
