Marvin Addison wrote: > >> 2010-11-16 17:01:04,000 DEBUG >> [org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter] >> (http-127.0.0.1-8443-1) JBoss Web authentication failed. > > That follows immediately after the programmatic JAAS login attempt, so > it could be failing anywhere in the JAAS provider chain. Do you have > the entire org.jasig.cas.client package in debug? > Yes, I do.
Marvin Addison wrote: > If so and you don't > see debug output from org.jasig.cas.client.jaas.CasLoginModule, then > you're not getting that far. > I'm afraid that's the case. What could fail before calling JAAS chain at all? Marvin Addison wrote: > >> Is is possible at all to use the CasLoginModule in both EJB and web >> layers? > > Possible, but not supported out of the box. You'll need a custom > component that can extract the service and ticket from the CAS server > redirect and inject them into the JAAS pipeline for username and > password. WebAuthenticationFilter and WebAuthentication classes > perform this functionality in a JBoss-specific way, but it should be > possible to do this for other JAAS providers. > I'm sorry, I don't get your point. I do use JBoss and JBoss-specific solution is acceptable for me. Perhaps I should state clearer what I would like to get. Suppose I have a security-constraint requiring a ROLE_A for certain URLs in the web layer, and require a ROLE_B in EJB (via @RolesAllowed) in the business layer. I would like be authorization (and authentication as well) to be carried out in both cases via server-side JAAS login module. >From what you has written it follows that it is possible using WebAuthentication(Filter) in JBoss and actually it should be working now, as I use the classes you mention, on the other hand it turns out that the web layer gives me 403 immediately (probably due to lack of login-config, as we agreed) prevents filters from kicking in. Perhaps I should give myself a break (after I solve the "Web authentication failed" issue) and setup a dual and a bit redundant config: protect the web layer of the enterprise app as if it was a plain servlet and EJBs via JAAS independently, but pointing to the same CAS server? Anyways, thank you for your time, best regards, Maciek -- View this message in context: http://jasig.275507.n4.nabble.com/Problems-with-CAS-ifying-a-JEE-application-using-JAAS-tp3044438p3046343.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
