Hi...I am having a similar problem...were you able to resolve this. Are you running the web application in athe same container as the JSPwiki?
new2Jaas wrote: > > Hello, > I have been trying to implement JAAS login with JSPWiki on Tomcat. We are > using JSPWiki 2.6.2 with Tomcat5.5 > We have an existing web application (mainApp) that does not use JAAS. > However, we would like to use JSPWiki as a portal with a single-sign-on > feature - > meaning when the user logs into our mainApp the user clicks on a link to > JSPWiki application. At this point, we would like to automatically > authenticate > the user with appropriate roles and permissions and log him into JSPWiki. > > To acheive this, I have done the following but doesn't seem to work: > > 1. Tomcat server.xml: > a. I've added a <Context> tag for JSPWiki application and <Context> tag > for > mainApp with crossContext=true in both. > b. Added a <Realm> entry as such: > <Realm > className="org.apache.catalina.realm.JAASRealm" > appName="JSPWiki-custom" > > userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile" > roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role" > debug="99"/> > c. Enabled SingleSignOn by adding the <Valve> tag within the <Host> tag > as > such: > <Valve className="org.apache.catalina.authenticator.SingleSignOn" > /> > > 2. Placed my login module (JAASLoginModule's) jar file JAASLoginLM.jar in > %TOMCAT_HOME%/common/lib folder. > In the JAASLoginModule itself I am using HttpRequestCallback just like > the SiteMinderLoginModule example: > http://www.jspwiki.org/wiki/Security2.3WishList > > 3. I added the entries for the login module in jspwiki.policy towards the > end as such: > > // grant LoginModule permissions > grant codebase "file:${catalina.home}/common/lib/JaasLoginLM.jar" { > permission javax.security.auth.AuthPermission "modifyPrincipals"; > }; > grant codebase "file:${catalina.home}/common/lib/JaasLoginAzn.jar" { > > permission javax.security.auth.AuthPermission > "createLoginContext.jaaslogin"; > permission javax.security.auth.AuthPermission "doAsPrivileged"; > }; > > 4. In jspwiki.properties file I enabled JAAS as such: > jspwiki.security = jaas > > 5. On tomcat startup I specify the policy file and jaas file settings as > such: > -Djava.security.auth.login.config==C:\Program Files\Apache Software > Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.jaas > -Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat > 5.5\webapps\JSPWiki\WEB-INF\jspwiki.policy > > 6. Disabled container managed authentication in > <TOMCAT_HOME>/webapps/web.xml by commenting the <security-constraint> > section and > in jspwiki.properties set jspwiki.userdatabase.isSharedWithContainer = > false > > Now, I restart the server and launch the mainApp and login. After logging > in, I click on the link to JSPWiki > (http://<hostname:port>/JSPWiki/Wiki.jsp) > - > which takes me to the main page as an "Anonymous" user. > > I dont see JAAS being used. The logs do not show any debug messages from > my > JAASLoginModule. Instead it says - > "Checking JAAS configuration...JAAS already configured by some other > application (leaving it alone...)" > > My security configuration verifier (SecurityConfig.jsp) says that it found > jspwiki.jaas. It doesn't show any errors - except that it says > "We found some errors with your configuration: Policy file does not have a > keystore... at least not one that we can locate." > Do I need jspwiki.jks file and an entry in policy file - keystore > jspwiki.jks? - Currently I DO NOT have the keystore file. > > Do I need to programmatically create the LoginContext and call the login() > method in the JSP? > My understanding was that all that would happen automatically in the > background. > I am sure I'm missing something. > > > Your help is greatly appreciated! > Thanks. > > -- View this message in context: http://www.nabble.com/JAAS-with-JSPWiki-tp18096654p20231360.html Sent from the JspWiki - User mailing list archive at Nabble.com.
