RE: Security Constraints

2001-04-02 Thread DUDGEON

Depends on what realm you are using. Assuming you are using the default
MemoryRealm, users are defined in $TOMCAT_HOME/conf/tomcat-users.xml.
If you are using JDBCRealm then it is presumably assumed that there is an
existing mechanism to manage users/passwords for your database.
If you are using another Realm, then the chances are you have written it
yourself, so should know the answer ;-)

Tim

 -Original Message-
 From: Martin Mauri [mailto:[EMAIL PROTECTED]]
 Sent: 28 March 2001 19:52
 To: [EMAIL PROTECTED]
 Subject: Security Constraints
 
 
 Hi users!
 
 I'm trying to configure the security constraints with FORM login method.
 I've defined to name the role as "role1" but where and how do I add users to
 that role and where do I configure their passwords?
 
 regards.
 
 Martin
 
 
 Lic. Martin O. Mauri
 Profesion + Auge A.F.J.P
 Parana 666 - Cap. Federal
 TE: (011) 4373-7786/7 int: 422
 [EMAIL PROTECTED]
 www.profesi.com.ar
 


--
DISCLAIMER: This message contains proprietary
information some or all of which may be
confidential and/or legally privileged. It is for
the intended recipient only who may use and apply
the information only for the intended purpose.
Internet communications are not secure and
therefore the British Biotech group does not
accept legal responsibility for the contents of
this message. Any views or opinions presented are
only those of the author and not those of the
British Biotech group. If you are not the intended
recipient please delete this e-mail and notify the
author immediately by calling ++44 (0)1865 748747;
do not use, disclose, distribute, copy, print or
rely on this e-mail.
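
An added example (not part of the original messages) of the MemoryRealm setup described in the reply above: a user entry in tomcat-users.xml that carries role1, and the web.xml fragment that ties role1 to FORM login. The user names, passwords, the /secure/* pattern and the page paths are assumptions; the user attribute names follow the sample tomcat-users.xml shipped with Tomcat of that era, so check them against the copy in your installation.

```xml
<!-- File 1: $TOMCAT_HOME/conf/tomcat-users.xml (read by MemoryRealm).
     Passwords are stored here in clear text, so keep the file readable
     only by the account that runs Tomcat. All values are constructed. -->
<tomcat-users>
  <user name="martin" password="CHANGE_ME"     roles="role1" />
  <user name="other"  password="CHANGE_ME_TOO" roles="role1,role2" />
</tomcat-users>

<!-- File 2: WEB-INF/web.xml of the webapp (fragment inside <web-app>). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>  <!-- assumed path -->
  </web-resource-collection>
  <auth-constraint>
    <!-- must match a name in a roles="..." list in tomcat-users.xml -->
    <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example form login</realm-name>
  <form-login-config>
    <!-- Paths are relative to the webapp context. The login form posts
         the fields j_username and j_password to j_security_check. -->
    <form-login-page>/login/login.html</form-login-page>
    <form-error-page>/login/error.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>role1</role-name>
</security-role>
```
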



single login form for single sign on

2001-03-21 Thread DUDGEON

I want to use the single sign on capabilities of Tomcat4 with FORM based
authentication. However it does not seem possible to define a single login
and error page. Even though single sign on and a Realm are specified in
$TOMCAT_HOME/conf/server.xml, and FORM authentication is specified in
$TOMCAT_HOME/conf/web.xml (e.g. to use /login/login.html as the login page),
when there is a need to authenticate from a particular webapp, the login
page is referenced relative to the context (e.g.
$TOMCAT_HOME/webapps/myapp/login/login.html). This would involve copying the
login pages into every webapp, which gives a maintenance problem.

So in essence the question is: Is there a way to specify a "global" login
and error page that will be used by all webapps?

Many thanks

Tim

----
Tim Dudgeon [EMAIL PROTECTED]






RE: Form based login: protected against password snooping?

2001-03-14 Thread DUDGEON

I think your understanding is correct. BASIC, DIGEST and FORM are
alternatives. You can't combine them.
To use FORM or BASIC securely you need SSL.

Tim
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: 13 March 2001 17:42
 To: [EMAIL PROTECTED]
 Subject: Form based login: protected against password snooping?
 
 
 
 
 Hi,
 
 As far as I understand it, when using form based login, login and password
 are just posted in plain format and are therefore not protected against
 password snooping. Is that true? And if so, is the only way to use form
 based login safely, the use of SSL? Or does a sort of mixture between for
 instance DIGEST Form based login exist?
 
 Thanks,
 
 Wilko
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, email: [EMAIL PROTECTED]
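
An added example (not from the thread) of the point in the reply above that FORM or BASIC needs SSL: the same web.xml constraint without and with a transport guarantee. The /secure/* and /login/* paths are assumptions, and an SSL connector is assumed to be configured already in server.xml.

```xml
<!-- WEB-INF/web.xml fragments. Deploy one variant, not both. -->

<!-- Weak: a login is required, but nothing forces SSL, so the FORM post
     (j_username / j_password) or the BASIC Authorization header can
     cross the network over plain HTTP. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>

<!-- Corrected: the same constraint plus a transport guarantee. The
     container must serve these URLs over a protected transport, so the
     credentials and the session that follows are carried over SSL. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- With FORM login, also put the login and error pages under a
     transport guarantee. No auth-constraint here: anyone may fetch the
     form, but only over SSL. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Login pages</web-resource-name>
    <url-pattern>/login/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```
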
 






form based auth broken - no cookie sent?

2001-03-09 Thread DUDGEON

I can't get form based authentication working with the latest snapshots.
Works fine with 4.0b1.
Authentication is working, but the redirection back to the original page
seems to fail, I think because no cookie is being sent.

With 4.0b1 a cookie is sent along with the login page. With the latest
snapshots it is not. On processing the login page a 400 error is returned.
This also happens with 4.0-b1 if you refuse the cookie. The user is being
authenticated successfully (as seen in the access log).

Any ideas?

Tim

-
Tim Dudgeon
[EMAIL PROTECTED]






MyRealm - cannot instantiate class exception

2001-03-01 Thread DUDGEON

Although I've been using Tomcat for some time, I'm now needing to start on
some work to match up the authentication and authorisation within catalina
to our environment. To do this I'm putting together an LDAPRealm. I have a
rudimentary LDAPRealm that works fine on its own, but when I put it into
tomcat I'm getting a cannot instantiate class exception from within my
code. Could someone give me a guide into what I'm doing wrong? It's
probably pretty basic, but I'm new to this.

What I did:

created a org.apache.catalina.realm.MyRealm class that contains an
authenticate() method that connects to the LDAP server as follows

// imports needed: java.security.Principal, java.util.Hashtable,
// javax.naming.Context, javax.naming.NamingException,
// javax.naming.directory.DirContext, javax.naming.directory.InitialDirContext

public Principal authenticate(String username, String credentials) {

    // An empty password turns an LDAP simple bind into an anonymous bind,
    // which succeeds without proving identity, so reject it up front.
    if (credentials == null || credentials.length() == 0) {
        return null;
    }

    MyRealmPrincipal principal = new MyRealmPrincipal(username);
    Hashtable env = new Hashtable(11);
    env.put(Context.PROVIDER_URL,
            "ldap://localhost:389/dc=britbio,dc=co,dc=uk");
    env.put(Context.SECURITY_PRINCIPAL, principal.getDistinguishedName());
    env.put(Context.SECURITY_CREDENTIALS, credentials);

    try {
        // Create the initial directory context
        DirContext ctx = new InitialDirContext(env);
        // if we get here then we've bound OK

        System.out.println("Authenticated for " +
                principal.getDistinguishedName());

        // get the groups from the JNDI context and define them as roles
        getRoles(ctx, principal);

        // unbind
        ctx.close();

        return principal;

    } catch (NamingException e) {
        // could not bind - wrong password?
        System.err.println("Failed to bind to directory for " + username);
        e.printStackTrace();
        return null;
    }
}


This code works fine on its own (outside catalina). However when I try to
run it within catalina (jar'd up the classes, put them in
$CATLINA_ROOT/server), my code gets called, but the bind to the LDAP server
fails with the following exception:


Failed to bind to directory for tom
javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.jndi.ldap.LdapCtxFactory.  Root exception is java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtxFactory
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:659)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:250)
    at javax.naming.InitialContext.init(InitialContext.java:226)
    at javax.naming.InitialContext.init(InitialContext.java:202)
    at javax.naming.directory.InitialDirContext.init(InitialDirContext.java:87)
    at org.apache.catalina.realm.TimsRealm.authenticate(TimsRealm.java:109)
    at org.apache.catalina.authenticator.BasicAuthenticator.findPrincipal(BasicAuthenticator.java:214)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:160)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2041)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:414)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:159)
    at org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
    at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:215)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
    at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:818)
    at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:897)
    at java.lang.Thread.run(Thread.java:484)


Any ideas as to why this runs outside catalina and not inside it? The JVM,
and everything else I can think of is the same. My setup:
  Tomcat-4.0-b1
  JDK1.3
  Linux

many thanks

Tim


-----
Tim Dudgeon
[EMAIL PROTECTED]

