It looke like I was missing the first sentence, doh! It should have read
I have a basic problem calling invoking an EJB from a servlet when using the
embedded (single VM) tomcat solution. If I use a separate vm everything
works fine. With the separate VM solution I has to ensuer that I called
System.setProperty("java.security.auth.login.config",
"file:../client/auth.conf"); so that ClientLogin module was used. The
client login module seems to store the userid and password and marshall it
along to the server for server side autnentication against the
DataBaseServerLoginModule (that I have setup). So basically this works.
John.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John P.
Coffey
Sent: Friday, July 13, 2001 3:18 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-user] Servlet to EJB Communication with Embedded Tomcat
everything works fine. With the separate VM solution I has to ensuer that I
called System.setProperty("java.security.auth.login.config",
"file:../client/auth.conf"); so that ClientLogin module was used. The
client login module seems to store the userid and password and marshall it
along to the server for server side autnentication against the
DataBaseServerLoginModule (that I have setup). So basically this works.
The problem occurs when I try to use the embedded tomcat, if I specify the
above in the servlet's init method, the Jboss Server side will come back
with an authenticatino exception, I stepped through the code and the
security within the JBoss server does not have a security principal or
credentials associated with it and when it calls the
DatabaseServerLoginModule it dies and fails to authenticate.
Is there somethign stupid I am misssing here. I know it is possible because
I have modified the jaas test project to talk to my database and extract the
group and role information from my PDSDataSource as per the auth.conf below
(in the tomcat directory).
jboss.xml
<!-- All bean containers use this security manager by default @JC -->
<security-domain>java:/jaas/other</security-domain>
<container-configurations>
<container-configuration>
<container-name>Standard CMP EntityBean</container-name>
<role-mapping-manager>java:/jaas/other</role-mapping-manager>
<authentication-module>java:/jaas/other</authentication-module>
</container-configuration>
<container-configuration>
<container-name>Standard Stateless SessionBean</container-name>
<role-mapping-manager>java:/jaas/other</role-mapping-manager>
<authentication-module>java:/jaas/other</authentication-module>
</container-configuration>
<container-configuration>
<container-name>Standard Stateful SessionBean</container-name>
<role-mapping-manager>java:/jaas/other</role-mapping-manager>
<authentication-module>java:/jaas/other</authentication-module>
</container-configuration>
</container-configurations>
I am really curious is there a way to use the role definitions in tomcat's
web.xml to secure servlet alias's and to also pass useir/password
information along with post parameters?
John Coffey
Pingtel Corporation
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
