Hi Kevin, Thanks for sharing this experience. It could indeed be useful, maybe to add a Tomcat specific extension. I've entered a RFE:
"Add Tomcat extension" http://restlet.tigris.org/issues/show_bug.cgi?id=1097 Best regards, Jerome Louvel -- Restlet ~ Founder and Technical Lead ~ http://www.restlet.org Noelios Technologies ~ http://www.noelios.com -----Message d'origine----- De : kevinpauli [mailto:[email protected]] Envoyé : mercredi 21 avril 2010 16:29 À : [email protected] Objet : Re: JAAS and JBoss 5.1 Turns out that JBoss web only indirectly relies on JAAS; there's layers of jboss and tomcat security in between. What a mess. Here is what I have come up with that works. Anyone interested, enjoy. package org.restlet.ext.tomcat; import java.security.Principal; import org.apache.catalina.Context; import org.apache.catalina.Engine; import org.apache.catalina.Host; import org.apache.catalina.Realm; import org.apache.catalina.Server; import org.apache.catalina.ServerFactory; import org.apache.catalina.Service; import org.restlet.security.SecretVerifier; public class TomcatVerifier extends SecretVerifier { private String serviceName; private String contextName; public String getServiceName() { return serviceName; } public void setServiceName(String serviceName) { this.serviceName = serviceName; } public String getContextName() { return contextName; } public void setContextName(String contextName) { this.contextName = contextName; } @Override public boolean verify(String identifier, char[] secret) { final Server server = ServerFactory.getServer(); final Service service = server.findService(serviceName); final Engine engine = (Engine) service.getContainer(); final Host host = (Host) engine.findChild(engine.getDefaultHost()); final Context context = (Context) host.findChild(contextName); final Realm realm = context.getRealm(); final Principal principal = realm.authenticate(identifier, new String(secret)); return principal != null; } } And then the spring config: <bean id="tomcatVerifier" class="org.restlet.ext.tomcat.TomcatVerifier"> <property name="serviceName" value="jboss.web"/> <property name="contextName" value="/myapp"/> </bean> -- View this message in context: http://n2.nabble.com/JAAS-and-JBoss-5-1-tp4904649p4937297.html Sent from the Restlet Discuss mailing list archive at Nabble.com. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=25916 61 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2605104

