Re: Custom Realm Implementation
Hi,

That's because TC 4.0.1 (and 4.0.2b1, but not sure about 4.0.2b2) calls the hasRole() method (in RealmBase) and that method checks to see if the principal is an instance of GenericPrincipal. If not, then access is denied (which I think is what's happening to you). You will need to extend from GenericPrincipal or modify the hasRole() method. I would extend GenericPrincipal rather than modify hasRole().

Thanks,
dan

--
Development Team
Computing Network Services
York University, Toronto, Canada

On Fri, 1 Feb 2002, Renato Romano wrote:
> I'm trying to write my own Realm but have some problems...
> MyRealm extends JDBCRealm, overrides the authenticate method (Connection, String, String) and returns a CustomPrincipal, which is my own implementation of Principal.
> When I try to log in, I get a "User userName successfully authenticated" message in the log, but the browser shows me a 403 error (You are not allowed ...).
> Any idea? Any document showing the process in detail?
> Thanks
> Renato
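The behaviour described in the reply above, as an added example that is not part of the original thread and is not Tomcat's source: a simplified model of a role check that fails closed for any principal type it does not recognise. GenericPrincipalStandIn, PlainCustomPrincipal, ExtendedCustomPrincipal and the sample user and role names are hypothetical stand-ins so the code runs on the JDK alone.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

public class HasRoleDemo {
    // Hypothetical stand-in for the container's GenericPrincipal: the only type that carries roles.
    static class GenericPrincipalStandIn implements Principal {
        private final String name;
        private final List<String> roles;
        GenericPrincipalStandIn(String name, List<String> roles) {
            this.name = name;
            this.roles = roles;
        }
        public String getName() { return name; }
        boolean hasRole(String role) { return roles.contains(role); }
    }

    // The situation in the question: a Principal unrelated to the container's own class.
    static class PlainCustomPrincipal implements Principal {
        private final String name;
        PlainCustomPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // The suggested fix: extend the container's principal class so roles travel with it.
    static class ExtendedCustomPrincipal extends GenericPrincipalStandIn {
        ExtendedCustomPrincipal(String name, List<String> roles) { super(name, roles); }
    }

    // Simplified model of the check the reply describes for hasRole():
    // a principal of an unknown type yields "no role", so access is denied.
    static boolean hasRole(Principal principal, String role) {
        if (!(principal instanceof GenericPrincipalStandIn)) {
            return false; // authenticated, but roles cannot be read: the request ends in a 403
        }
        return ((GenericPrincipalStandIn) principal).hasRole(role);
    }

    public static void main(String[] args) {
        List<String> roles = Arrays.asList("tomcat"); // constructed sample role
        // Authenticated user, wrong principal type: denied.
        System.out.println(hasRole(new PlainCustomPrincipal("user1"), "tomcat"));
        // Same user as a subclass of the container's principal: allowed for a role it holds.
        System.out.println(hasRole(new ExtendedCustomPrincipal("user1", roles), "tomcat"));
        // Still denied for a role it does not hold.
        System.out.println(hasRole(new ExtendedCustomPrincipal("user1", roles), "admin"));
    }
}
```

The "successfully authenticated" log line followed by a 403 corresponds to the first call: authentication and authorization are separate steps, and only the second depends on the principal's type.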
Re: Custom Authentication
Hi Ricardo,

See if these help:

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg35338.html
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg41747.html

--
Dan Kha
Development Team
Computing Network Services
York University, Toronto, Canada

On Tue, 22 Jan 2002, Ricardo Ramalho wrote:
> Hi ppl! Again
> It looks like I wasn't very accurate in my first question here...
> What I wanted to do is something like this: (hope you guys can help)
> This is my actual Authentication class, which uses BASIC login.
>
> import java.lang.*;
> import java.sql.*;
> import javax.sql.*;
> import javax.naming.*;
> import java.io.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> import java.util.*;
> import java.security.*;
> import allaire.jrun.util.*;
> import allaire.jrun.security.*;
>
> public class Autentica implements AuthenticationInterface {
>     /**
>      * Initialize the authentication service
>      * @param props The properties for the service
>      */
>     public void init(OrderedProperties props) throws Exception {
>         // Nothing is done here
>     }
>
>     /**
>      * Destroy the service
>      */
>     public void destroy() {
>         // Nothing is done here
>     }
>
>     /**
>      * Authenticate the given user with the given credentials (such
>      * as a password).
>      * @param req The servlet request
>      * @param username The username to authenticate
>      * @param method The type of authentication method (BASIC, DIGEST, FORM,
>      * or CLIENT-CERT)
>      * @param credentials Password and/or other credentials necessary
>      * in authenticating the user
>      * @return The Principal associated with the given username, or null
>      * if authentication failed
>      */
>     public Principal authenticate(HttpServletRequest req, String username, String password) {
>         Principal principal = null;
>         // Types for the database connection
>         Connection dbCon = null;
>         PreparedStatement dbStat = null;
>         ResultSet dbRes = null;
>         // If we have a password, attempt to validate it
>         if (password != null) {
>             try {
>                 // Database access - get a connection from the JRun connection pool
>                 InitialContext ctx = new InitialContext();
>                 DataSource ds = (DataSource) ctx.lookup("java:comp/env/jdbc/test_db");
>                 dbCon = ds.getConnection();
>                 // Bind the username as a parameter instead of concatenating it into the SQL
>                 dbStat = dbCon.prepareStatement("SELECT passwd FROM users WHERE user = ?");
>                 dbStat.setString(1, username);
>                 dbRes = dbStat.executeQuery();
>                 // No row means an unknown user: principal stays null
>                 if (dbRes.next()) {
>                     String dbPass = dbRes.getString(1);
>                     if (dbPass != null && dbPass.equals(password)) {
>                         principal = new AuthenticatedPrincipal(username);
>                     }
>                 }
>             } catch (Exception e) {
>                 e.printStackTrace();
>             } finally {
>                 // Return the connection to the pool even when the lookup fails
>                 try { if (dbRes != null) dbRes.close(); } catch (SQLException ignored) { }
>                 try { if (dbStat != null) dbStat.close(); } catch (SQLException ignored) { }
>                 try { if (dbCon != null) dbCon.close(); } catch (SQLException ignored) { }
>             }
>         }
>         return principal;
>     }
>
>     /**
>      * Determines if the given principal (user) has been granted the
>      * given role within this authentication realm.
>      * @param principal The principal (user) to verify
>      * @param role The role to verify
>      * @return true if the principal is part of the given role
>      */
>     public boolean isPrincipalInRole(Principal principal, String role) {
>         return true;
>     }
> }
>
> Thank you for any help in advance
> -
> Ricardo Ramalho
> Carcavelos
> Lisbon
> Portugal
> EWorks Consulting
> -
Re: Protected Area
Hi David,

Yeah, I see your url-pattern line is commented out. It should be something like this...

<url-pattern>/jsp/security/protected/*</url-pattern>

Hope this helps,
dan

On Fri, 11 Jan 2002, Herzig, David wrote:
> Dear Tomcat Users
> I tried to define a protected area, so I can only access my web application with a username and password. The Tomcat example /jsp/protected/security is working without problems, but not with my application. I added the following lines to the web.xml file, but it's not working. Can anybody give me some help?
> Many thanks in Advance
> David
>
> File: web.xml
> ...
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Protected Area</web-resource-name>
>     <!-- Define the context-relative URL(s) to be protected -->
>     <!--<url-pattern>/*</url-pattern>-->
>     <!-- If you list http methods, only those methods are protected -->
>     <http-method>DELETE</http-method>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>     <http-method>PUT</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <!-- Anyone with one of the listed roles may access this area -->
>     <role-name>tomcat</role-name>
>     <role-name>role1</role-name>
>   </auth-constraint>
> </security-constraint>
> <!-- Default login configuration uses BASIC authentication -->
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>Restricted Stuff</realm-name>
> </login-config>
Re: TC4.01: custom Authenticator
Hi again Craig,

So I've followed the cookbook way to do my custom Authenticator and it does not seem to work, even if I use the exact code from for example FormAuthenticator.java.

I'm testing it by changing a working web.xml file for the protected example (/examples/jsp/security/protected/index.jsp) by specifying my own custom Authenticator like:

<auth-method>CUSTAUTH</auth-method>

which is defined in my tomcat_home\server\classes\org\apache\catalina\startup\Authenticators.properties file like:

CUSTAUTH=org.mycompany.authenticator.MyFormAuthenticator

So, when I try to access the protected example jsp page, I get this error:

HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal

If I change the web.xml back to use FORM or BASIC then it would work. Would you have any ideas Craig?

Thanks again,
Dan

On Wed, 9 Jan 2002, Craig R. McClanahan wrote:
> On Wed, 9 Jan 2002, Dan Kha wrote:
> > Date: Wed, 9 Jan 2002 15:54:52 -0500 (EST)
> > From: Dan Kha [EMAIL PROTECTED]
> > Reply-To: Tomcat Users List [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: TC4.01: custom Authenticator
> >
> > Hi,
> > I'm interested in writing my own Authenticator implementation. My question is, after writing my own implementation, how do I tell Tomcat 4.01 to use my own custom Authenticator (and if possible without changing Tomcat's source)?
>
> The following cookbook steps should get you started:
>
> * Create your own Authenticator implementation. Usually it's easiest to extend org.apache.catalina.authenticator.AuthenticatorBase for this, but at a minimum you have to implement Valve.
>
> * Package your Authenticator class in a JAR file and put it in $CATALINA_HOME/server/lib, *or* leave it in an unpacked directory structure under $CATALINA_HOME/server/classes (which you might have to create). As you'll see in the next step, the latter is probably easier.
>
> * Extract the file org/apache/catalina/startup/Authenticators.properties file from $CATALINA_HOME/server/lib/catalina.jar, into the server/classes directory ($CATALINA_HOME/server/classes/org/apache/catalina/startup/Authenticators.properties)
>
> * Edit this file to include an entry for a new login method. For example:
>
>     FOO=com.mycompany.mypackage.MyAuthenticator
>
> * Modify the web.xml file of apps that want to use this Authenticator to indicate the use of the new authentication method:
>
>     <login-config>
>       <auth-method>FOO</auth-method>
>       ...
>     </login-config>
>
> Note that you cannot change any of the elements in web.xml because they are fixed by the DTD.
>
> > I know that to use the standard authenticators, I add the appropriate lines in the web.xml file but I haven't found a way to change that to support my own.
>
> It should go without saying that you're tying yourself now and forever more to the Tomcat 4 architecture, but the above should work.
>
> > Does anyone have any ideas?
> > Thanks in advance,
> > Dan
> > NOTE to anyone thinking of extending FormAuthenticator or BasicAuthenticator, you need to get the cvs source since the Tomcat 4.01 distribution declared those classes as final.
>
> The final has been removed from these classes in the HEAD branch (which is what the nightly builds are created from).
>
> Craig
TC4.01: custom Authenticator
Hi,

I'm interested in writing my own Authenticator implementation. My question is, after writing my own implementation, how do I tell Tomcat 4.01 to use my own custom Authenticator (and if possible without changing Tomcat's source)?

I know that to use the standard authenticators, I add the appropriate lines in the web.xml file but I haven't found a way to change that to support my own.

Does anyone have any ideas?

Thanks in advance,
Dan

NOTE to anyone thinking of extending FormAuthenticator or BasicAuthenticator, you need to get the cvs source since the Tomcat 4.01 distribution declared those classes as final.
RE: TC4.01: custom Authenticator
Hi Guido,

Can you please be a little more specific on "inherit the authenticator scheme"? I'm trying to not need to change any code in Tomcat and since the 4.0.1 distribution has a final FormAuthenticator class, I think I can only inherit/extend from AuthenticatorBase, which I'm not even sure is a good thing (I'm doing this so that I can use the register method to hack in SingleSignOn).

And as for the manual, I don't see it anywhere (I'm not referring to creating custom Realms which does have a howto). Where can I find such a manual for creating my custom Authenticator?

Thanks so much for your help,
Dan

On Wed, 9 Jan 2002, Guido Medina wrote:
> The only thing you have to do is to inherit the authenticator scheme from Tomcat and re-write the methods... that's all, in the manual is explained how and which class you have to extend...
>
> Guido.
>
> -----Original Message-----
> From: Dan Kha [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 09, 2002 4:55 PM
> To: [EMAIL PROTECTED]
> Subject: TC4.01: custom Authenticator
>
> Hi,
> I'm interested in writing my own Authenticator implementation. My question is, after writing my own implementation, how do I tell Tomcat 4.01 to use my own custom Authenticator (and if possible without changing Tomcat's source)?
> I know that to use the standard authenticators, I add the appropriate lines in the web.xml file but I haven't found a way to change that to support my own.
> Does anyone have any ideas?
> Thanks in advance,
> Dan
> NOTE to anyone thinking of extending FormAuthenticator or BasicAuthenticator, you need to get the cvs source since the Tomcat 4.01 distribution declared those classes as final.
Re: TC4.01: custom Authenticator
Hi Craig,

Just what I needed. Thanks so much! As always, you're very helpful!

On Wed, 9 Jan 2002, Craig R. McClanahan wrote:
> On Wed, 9 Jan 2002, Dan Kha wrote:
> > Date: Wed, 9 Jan 2002 15:54:52 -0500 (EST)
> > From: Dan Kha [EMAIL PROTECTED]
> > Reply-To: Tomcat Users List [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: TC4.01: custom Authenticator
> >
> > Hi,
> > I'm interested in writing my own Authenticator implementation. My question is, after writing my own implementation, how do I tell Tomcat 4.01 to use my own custom Authenticator (and if possible without changing Tomcat's source)?
>
> The following cookbook steps should get you started:
>
> * Create your own Authenticator implementation. Usually it's easiest to extend org.apache.catalina.authenticator.AuthenticatorBase for this, but at a minimum you have to implement Valve.
>
> * Package your Authenticator class in a JAR file and put it in $CATALINA_HOME/server/lib, *or* leave it in an unpacked directory structure under $CATALINA_HOME/server/classes (which you might have to create). As you'll see in the next step, the latter is probably easier.
>
> * Extract the file org/apache/catalina/startup/Authenticators.properties file from $CATALINA_HOME/server/lib/catalina.jar, into the server/classes directory ($CATALINA_HOME/server/classes/org/apache/catalina/startup/Authenticators.properties)
>
> * Edit this file to include an entry for a new login method. For example:
>
>     FOO=com.mycompany.mypackage.MyAuthenticator
>
> * Modify the web.xml file of apps that want to use this Authenticator to indicate the use of the new authentication method:
>
>     <login-config>
>       <auth-method>FOO</auth-method>
>       ...
>     </login-config>
>
> Note that you cannot change any of the elements in web.xml because they are fixed by the DTD.
>
> > I know that to use the standard authenticators, I add the appropriate lines in the web.xml file but I haven't found a way to change that to support my own.
>
> It should go without saying that you're tying yourself now and forever more to the Tomcat 4 architecture, but the above should work.
>
> > Does anyone have any ideas?
> > Thanks in advance,
> > Dan
> > NOTE to anyone thinking of extending FormAuthenticator or BasicAuthenticator, you need to get the cvs source since the Tomcat 4.01 distribution declared those classes as final.
>
> The final has been removed from these classes in the HEAD branch (which is what the nightly builds are created from).
>
> Craig