User: starksm Date: 01/03/22 11:58:56 Modified: src/docs howtojaas.xml Log: Make a clear distinction between the server and client versions of the auth.conf file. Revision Changes Path 1.4 +52 -11 manual/src/docs/howtojaas.xml Index: howtojaas.xml =================================================================== RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- howtojaas.xml 2001/03/21 08:30:20 1.3 +++ howtojaas.xml 2001/03/22 19:58:56 1.4 @@ -230,7 +230,10 @@ a JAAS Subject using the javax.security.auth.login.LoginContext mechanism. When the JaasSecurityManager needs to authenticate a user, it does a JAAS login using the following programmatic steps:</para> - <programlisting>Principal principal = ... passed in by SecurityInterceptor;<co id = "jaas.principal"/>Object credential = ... passed in by SecurityInterceptor;<co id = "jaas.credential"/>/* Access the security domain to which the security manager is bound. This is + <programlisting><![CDATA[ +Principal principal = ... passed in by SecurityInterceptor;]]><co id = "jaas.principal"/><![CDATA[ +Object credential = ... passed in by SecurityInterceptor;]]><co id = "jaas.credential"/><![CDATA[ +/* Access the security domain to which the security manager is bound. This is the xyz component of java:/jaas/xyz name used when defining the security-domain or role-mapping-manager config elements. */ String name = getSecurityDomain(); @@ -242,7 +245,9 @@ Subject subject = lc.getSubject(); Set subjectGroups = subject.getPrincipals(Group.class); // Get the Group whose name is 'Roles' -Group roles = getGroup(subjectGroups, "Roles");</programlisting> +Group roles = getGroup(subjectGroups, "Roles"); + + ]]></programlisting> <calloutlist> <callout arearefs = "jaas.principal"> <para>A Principal is an identity object. Often it represents the username string, 
@@ -305,11 +310,12 @@ [options] ; };</synopsis>See the JAAS documentation for the complete syntax description. In the JBoss server -auth.conf file there should be an entry like 'other' in the figure below. +auth.conf file there should be an entry like 'other' in <xref linkend = "server.auth.conf"/> below. Also shown is a 'session-roles' entry that we have added that specfies two login modules.</para> - <figure id = "auth.conf"> - <title>The JBoss Server JAAS Login Config File</title> + <figure id = "server.auth.conf"> + <title>The JBoss Server JAAS Login Config File + ($jboss_home/conf/default/auth.conf)</title> <programlisting>// The default server login module other { // A realistic server login module... 
@@ -335,7 +341,40 @@ stateless session bean, they will be authenticated by the login modules configured for the 'session-roles' domain. Referring to Figure 1 shows that both the JaasServerLoginModule and RolesLoginModule login modules -will be executed for perform the authentication in this domain.<note> +will be executed for perform the authentication in this domain.</para> + <para>There is also a client side version of the auth.conf that is used by the client +connecting to JBoss. It is located in ${jboss_home}/client/auth.conf and the default version contents +are given in <xref linkend = "client.auth.conf"/>. The key entry here is the 'other' entry that contains +the 'org.jboss.security.ClientLoginModule required;' setting.<figure id = "client.auth.conf"> + <title>The JBoss Client JAAS Login Config File + ($jboss_home/client/auth.conf)</title> + <programlisting>srp { + // Example client auth.conf for using the SRPLoginModule + org.jboss.srp.jaas.SRPLoginModule required + password-stacking="useFirstPass" + principalClassName="org.jboss.security.SimplePrincipal" + srpServerJndiName="SRPServerInterface" + debug=true + ; + + // jBoss LoginModule + org.jboss.security.ClientLoginModule required + password-stacking="useFirstPass" + ; + + // Put your login modules that need jBoss here +}; + +other { + // Put your login modules that work without jBoss here + + // jBoss LoginModule + org.jboss.security.ClientLoginModule required; + + // Put your login modules that need jBoss here +};</programlisting> + </figure> + <note> <para>The configuration named 'other' is used JAAS whenever it can't find an entry matching the name passed to the LoginContext constructor. So if we had used a JNDI name like java:/jaas/global as the security-domain @@ -541,7 +580,7 @@ where ${jboss_home} is the location of your JBoss distribution. @author [EMAIL PROTECTED] -@version $Revision: 1.3 $ +@version $Revision: 1.4 $ */ public class SessionClient { 
@@ -652,7 +691,7 @@ </listitem> <listitem> <para> - <link linkend = "auth.conf">auth.conf</link> + <link linkend = "server.auth.conf">JBoss server auth.conf</link> </para> </listitem> <listitem> @@ -685,7 +724,7 @@ <link linkend = "SessionClient.java">SessionClient.java</link> </para> </listitem> - </itemizedlist> This will give you the following 8 files: + </itemizedlist>This will give you the following 8 files: </para> <literallayout> <command> howto-jaas 1053>ls @@ -794,7 +833,7 @@ ]]></programlisting> </step> <step> - <para>Copy the auth.conf that you created from Figure <xref linkend = "auth.conf"/> to + <para>Copy the auth.conf that you created from <xref linkend = "server.auth.conf"/> to $jboss_home/conf/default and overwrite the existing file.</para> <literallayout> <computeroutput> howto-jaas 1103>cp auth.conf $jboss_home/conf/default @@ -873,7 +912,9 @@ </step> <step> <para>Now, run the client as user scott and specify the location of - the JBoss client side JAAS login configuration file as follows: </para> +the JBoss client side JAAS login configuration file. This is located in ${jboss_home}/client/auth.conf +and should contain the 'other' entry as shown in <xref linkend = "client.auth.conf"/>. If it does not +add it. Run the client as follows: </para> <literallayout> <computeroutput> --- Client: howto-jaas 1133>java -Djava.security.auth.login.config=file://${jboss_home}/client/auth.conf SessionClient scott echoman
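Review bot: the closing `]]></programlisting>` in the @@ -242 hunk is preceded by two added blank lines, and the opening `<programlisting><![CDATA[` in the @@ -230 hunk is followed by a line break; because programlisting content is verbatim, both show up as empty lines in the rendered listing. Suggest starting the first code line directly after `<![CDATA[` and ending with `Group roles = getGroup(subjectGroups, "Roles");]]></programlisting>`.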
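Review bot: in the @@ -305 hunk the rewritten sentence keeps the word "below" after `<xref linkend = "server.auth.conf"/>`, which goes stale if the figure is ever moved; drop it and let the xref carry the reference. The following context line still reads "specfies" (should be "specifies") and is worth fixing while this paragraph is being touched. The new figure title writes the path as `$jboss_home/conf/default/auth.conf`, while the paragraph added in the next hunk writes `${jboss_home}/client/auth.conf`; pick one notation for the whole document.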
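Review bot: the context sentence "Referring to Figure 1 shows that both ..." in the @@ -335 hunk still hard-codes a figure number, although this patch adds a second figure and converts the other references to `<xref>`; replace it with `<xref linkend = "server.auth.conf"/>` so it cannot drift onto the client figure. The re-added line also carries "will be executed for perform" over unchanged, which should read "to perform". The new paragraph names only the 'other' entry as the key one, but the figure opens with an `srp` entry, including `debug=true` and `srpServerJndiName="SRPServerInterface"`, that the text never explains; add a sentence saying what that entry is for and whether readers of this howto need it, or trim the figure to the 'other' entry.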
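Review bot: the `@version $Revision: 1.3 $` to `$Revision: 1.4 $` change in the @@ -541 hunk sits inside the SessionClient listing, yet it follows the revision of howtojaas.xml itself (1.3 to 1.4 per the header of this diff), so the printed SessionClient source appears to change version on every commit to the manual. If this is keyword expansion acting on the embedded listing, write the tag so that it is not expanded there, or drop `@version` from the sample.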
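Review bot: "If it does not add it." in the @@ -873 hunk is missing a comma and does not say what to add; suggest "If it does not, add the 'other' entry containing `org.jboss.security.ClientLoginModule required;`". The step now also tells the reader to run the client twice ("Now, run the client as user scott ..." and "Run the client as follows:"), so the first sentence can be reduced to stating where the client file lives. The command in the context line builds the URL as `file://${jboss_home}/client/auth.conf`, which is only a valid file URL when jboss_home is an absolute path beginning with `/`; state that assumption next to the command.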