> -----Original Message-----
> From: Monica, Charles [mailto:[EMAIL PROTECTED]]
> Date: Monday, May 13, 2002 17:25
> To: '[EMAIL PROTECTED]'
> Subject: [JBoss-user] JBoss2.4.5/Tomcat Configuration
> 
> 
> All;
> 
> Sorry for the stupid question but I can't seem to find details anywhere.
> I'm not clear on configuring JBoss2.4.5/Tomcat.  The bootstrap of Catalina
> is in the jboss.jcml and does not seem to use the
> /Jboss2.4.5-Tomcat/catalina/conf/server.xml at all.  Should I move all the
> needed config options from server.xml and move them to jboss.jcml

many of the tags supported in server.xml should be now supported
in the <Attrib name="Config"> </Attrib>

in Jboss244 Only few were supported, but I've proposed
a big patch to add more supported XML elements.

I've been told that jboss245 now integrates my patch with some changes.
as far as I've heard, now most of the explicit Attributes
used in jboss244 are removed and replaced
by elements in the Config attribute...

note that <Context> elements probably cannot be used because they
conflict with the autodeploy concept...



> or is the
> server.xml file used in some way?  
in jboss244 it was not at all used, and it must be the same with jboss245



> 
> I want to add a MemoryRealm realm and have added this to jboss.jcml:
> 
>   <!-- The embedded Tomcat-4.x(Catalina) service configuration -->
>   <mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX"
...
>       <Realm className="org.apache.catalina.realm.MemoryRealm" />
...
> 
> Is this correct?  Where should I place the Tomcat-users.xml file?


the Realm element was not supported in jboss244,
and instead a "JBossSecurityMgrRealm" is used and
transmitted to catalina.
it is probably not supported in jboss2.4.5
(it seems to conflict with richer jbossSX/jaas support)

instead in order to use HTTPS I had to configure
a jboss JAAS security manager, 

<!-- Embedded Tomcat 4.x - JBossSX SecurityDomain (JaasSecurityDomain) -->
  <mbean code="org.jboss.security.plugins.JaasSecurityDomain" 
     name="Security:name=JaasSecurityDomain,domain=tomcat">
    <constructor>
      <arg type="java.lang.String" value="tomcat" />
    </constructor>
    <attribute name="KeyStoreURL">../conf/tomcat.jks</attribute>
    <attribute name="KeyStorePass">changeit</attribute>
  </mbean>

and to refer to it in 
the HTTPS connector I declared
<Connector
    className="org.apache.catalina.connector.http.HttpConnector"
    port="443" minProcessors="5" maxProcessors="75" acceptCount="10"
    enableLookups="true" scheme="https" secure="true" >
  <Factory className="org.jboss.web.catalina.security.SSLServerSocketFactory"
      securityDomainName="java:/jaas/tomcat" clientAuth="false"
      protocol="TLS" />
  <Listener className="org.jboss.web.catalina.TestLifecycleListener"/>
</Connector>


you should not use a tomcat memory realm but
some feature of the JAAS security manager that
does what you want...
this is done by the JBossSX module

I've found some info in the cheap doc sold on-line
they explain how to use simple "IdentityLoginModule"
or UsersRolesLoginModule or LdapLoginModule,
or DatabaseServerLoginModule

It seems it is very easy to configure
(a few lines in some config files)
a JAAS login module which looks up in
a file (UsersRolesLoginModule probably)

look around auth.conf which already
has a UsersRolesLoginModule configured...


but I don't know what exactly to do.

I've read that you should declare the jaas domain you want to use in
the jboss-web.xml (or in the jboss.xml in EJB)

<?xml version="1.0"?>
<jboss-web>
    <!-- All secured web content uses this security manager -->
    <security-domain>java:/jaas/userroles</security-domain>
</jboss-web>

and it should use a login config in login.conf,
a block like

// The default server login module
userroles {
    // A simple server login module, which can be used when the number
    // of users is relatively small. It uses two properties files:
    //   users.properties, which holds users (key) and their password (value).
    //   roles.properties, which holds users (key) and a comma-separated
    //   list of their roles (value).
    // The unauthenticatedIdentity property defines the name of the principal
    // that will be used when a null username and password are presented as is
    // the case for an unauthenticated web client or MDB. If you want to
    // allow such users to be authenticated add the property, e.g.,
    //   unauthenticatedIdentity="nobody"
    org.jboss.security.auth.spi.UsersRolesLoginModule required
        ;
};


for this to work you NEED
to set the jaas security manager,
like this,

<!-- JAAS security manager and realm mapping -->
  <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
         name="Security:name=JaasSecurityManager">
    <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
    <attribute name="SecurityProxyFactoryClassName">org.jboss.security.SubjectSecurityProxyFactory</attribute>
  </mbean>

then you only have to change a file named
users.properties
It is a java properties formatted file that specifies the username to
password mapping. Its format is:
  username1=password1
  username2=password2
  ...
with one entry per line.

and another named
roles.properties
It is a java properties formatted file that specifies the username to
role(s) mapping. Its format is:
  username1=role1[,role2,...]
  username2=role1
  ...
with one entry per line.
If a user has multiple roles they are specified using a comma separated
list. You can also specify groups of roles using a syntax like:
  username1.GroupName1=role1[,role2,...]
  username2.GroupName2=role1
  ...
When no GroupName is specified a group name of 'Roles' is implied.


you should read this XML file
http://www.softagency.co.jp/jboss/jpdoc_xml/howtojaas.xml
which seems to contain all info  for you


to get a more precise answer
you should change the subject of your message
to talk about JAAS, JBossSX, Catalina, and the tomcat memoryrealm

if it works tell us... maybe write a short HOWTO


best regards
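
Added example, not part of the original message and not JBoss code: a small Python check over the users.properties / roles.properties format described above, resolving the implied 'Roles' group and reporting accounts that are inconsistent between the two files. It assumes simplified properties parsing (no escapes or line continuations, '=' separator only), that the first '.' in a key separates the username from the group name, and uses constructed sample file contents.

```python
# Added example: not JBoss code. Simplified .properties parsing (no escapes,
# no line continuations, '=' separator only) is an assumption of this sketch.

def parse_properties(text):
    """Return {key: value} from one-entry-per-line key=value text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries

def role_sets(roles_text):
    """Map user -> {group: set(roles)}; a key without '.Group' means group 'Roles'."""
    result = {}
    for key, value in parse_properties(roles_text).items():
        # Assumption: the first '.' separates the username from the group name.
        user, _, group = key.partition(".")
        roles = {r.strip() for r in value.split(",") if r.strip()}
        result.setdefault(user, {}).setdefault(group or "Roles", set()).update(roles)
    return result

def audit(users_text, roles_text):
    """Return sorted findings about inconsistencies between the two files."""
    users = parse_properties(users_text)
    roles = role_sets(roles_text)
    findings = []
    for name, password in users.items():
        if not password:
            findings.append(f"{name}: empty password")
        if not roles.get(name, {}).get("Roles"):
            findings.append(f"{name}: no roles in the default 'Roles' group")
    for name in roles:
        if name not in users:                # stale or mistyped role entry
            findings.append(f"{name}: roles assigned but no users.properties entry")
    return sorted(findings)

# Constructed sample files (not from the original message).
USERS = "# users.properties\nadmin=s3cret\nguest=\nalice=wonder\n"
ROLES = "admin=Administrator,User\nadmin.GroupName1=role1\nbob=User\nguest=\n"

if __name__ == "__main__":
    for finding in audit(USERS, ROLES):
        print(finding)
```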

