Instead of using something like

JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config

to locate your JAAS config file, you could edit the java.security file of the JRE used by Tomcat instead. You are likely to find this file somewhere like:

%java_home%\jre\lib\security\java.security

Add the following line in this file:

login.config.url.1=file:///%CATALINA_HOME%\conf\Sample_jaas.config

(you might have to type the full path, rather than use %catalina_home%, I don't know), or make it .2 if there is a .1 entry, etc.

Matt

> -----Original Message-----
> From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
> Sent: 21 July 2004 16:58
> To: Tomcat Users List
> Subject: Re: RE : RE : RE : RE : RE : how to access Subject after authentification
>
> LERBSCHER Jean-Pierre wrote:
>
> >In fact my java options are :
> >
> >JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config
> >
> >-----Original Message-----
> >From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
> >Sent: Wednesday 21 July 2004 12:13
> >To: 'Tomcat Users List'
> >Cc: 'Jeanfrancois Arcand'
> >Subject: RE : RE : RE : RE : how to access Subject after authentification
> >
> >The command line is ok !
> >
> >But I have an exception :
> >Caused by: java.io.IOException: Impossible de trouver une configuration de connexion
>
> Hehe :-) Not bad as an error message ;-)
>
> >	at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> >	at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> >	... 33 more
> >I set
> >JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config
>
> I never used JAAS this way so I cannot help you. Are you trying to load
> the file from your webapp? Have you tried to put the file inside the war?
>
> -- Jeanfrancois
>
> >The class that instantiates the login context is located in common/classes
> >
> >The standard Catalina.policy contains this permission
> >
> >grant codeBase "file:${catalina.home}/common/-" {
> >        permission java.security.AllPermission;
> >};
> >
> >Any ideas ?
> >
> >Thanks in advance!
> >
> >-----Original Message-----
> >From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday 20 July 2004 19:52
> >To: Tomcat Users List
> >Subject: Re: RE : RE : RE : how to access Subject after authentification
> >
> >LERBSCHER Jean-Pierre wrote:
> >
> >>Could you tell me what is the correct configuration to access the jaas login
> >>file with this security manager.
> >
> >You need to start Tomcat using the -security
> >
> >./catalina.sh start -security
> >
> >-- Jeanfrancois
> >
> >>Thanks
> >>
> >>-----Original Message-----
> >>From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
> >>Sent: Tuesday 20 July 2004 18:42
> >>To: Tomcat Users List
> >>Subject: Re: RE : RE : how to access Subject after authentification
> >>
> >>Are you both running with the security manager on? I think that's the
> >>problem...
> >>
> >>-- Jeanfrancois
> >>
> >>LERBSCHER Jean-Pierre wrote:
> >>
> >>>Matt I am ok with you! I try the two methods and I have the same results
> >>>(null) !
> >>>Perhaps we have to configure properly tomcat (?) so that it can record the
> >>>subject in the session. Perhaps an authenticator ?
> >>>Jean François ! any ideas ?
> >>>
> >>>The second method is
> >>>Subject.getSubject(java.security.AccessController.getContext());
> >>>
> >>>-----Original Message-----
> >>>From: Matt Harrison [mailto:[EMAIL PROTECTED]
> >>>Sent: Tuesday 20 July 2004 17:42
> >>>To: 'Tomcat Users List'
> >>>Subject: RE: RE : how to access Subject after authentification
> >>>
> >>>I have tried both of these and they both return null!
> >>>
> >>>>-----Original Message-----
> >>>>From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
> >>>>Sent: 20 July 2004 16:30
> >>>>To: Tomcat Users List
> >>>>Subject: Re: RE : how to access Subject after authentification
> >>>>
> >>>>Two ways:
> >>>>
> >>>>httpSession.getAttribute("javax.security.auth.subject")
> >>>>
> >>>>or
> >>>>
> >>>>Subject.getSubject(AccessController.getContext())
> >>>>
> >>>>-- Jeanfrancois
> >>>>
> >>>>Matt Harrison wrote:
> >>>>
> >>>>>Sorry for mis-reading your email
> >>>>>
> >>>>>If anybody out there knows how to retrieve the Subject, Jean-Pierre and I
> >>>>>would most appreciate it!
> >>>>>
> >>>>>But, if, as I suspect, this is not part of the current servlet spec, and
> >>>>>thus not part of Tomcat, can I make a request for this to be included next
> >>>>>time round?
> >>>>>
> >>>>>I work around this by concatenating all the information I require from the
> >>>>>subject into the Principal's name in my JAAS login module, as a
> >>>>>java.security.Principal object is available from the request object in
> >>>>>Tomcat. But I guess this isn't an option for this problem.
> >>>>>
> >>>>>Matt
> >>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
> >>>>>>Sent: 20 July 2004 15:40
> >>>>>>To: 'Tomcat Users List'
> >>>>>>Subject: RE : how to access Subject after authentification
> >>>>>>
> >>>>>>Thanks Matt !
> >>>>>>My problem is that I have to call EJB deployed in Weblogic
> >>>>>>application server from servlet components. I use the weblogic api to
> >>>>>>propagate the security information from tomcat to WLS. This api uses
> >>>>>>the subject! Thus it is necessary that I can reach it.
> >>>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: Matt Harrison [mailto:[EMAIL PROTECTED]
> >>>>>>Sent: Tuesday 20 July 2004 15:59
> >>>>>>To: 'Tomcat Users List'
> >>>>>>Subject: RE: how to access Subject after authentification
> >>>>>>
> >>>>>>Hi
> >>>>>>
> >>>>>>I had a similar question a while back and never really got it fully
> >>>>>>resolved, but I found that Tomcat doesn't save the subject as a session
> >>>>>>attribute.
> >>>>>>
> >>>>>>However in your case you don't need to access the subject. In the web.xml
> >>>>>>file for your app, you can define what roles have access to each resource
> >>>>>>(jsp, servlet) and have your JAAS login module assign these roles to the
> >>>>>>subject - i.e. container managed security.
> >>>>>>
> >>>>>>e.g. add to web.xml (gives access to logins with role "user" to all of your
> >>>>>>application):
> >>>>>>
> >>>>>>  <security-constraint>
> >>>>>>    <web-resource-collection>
> >>>>>>      <web-resource-name>myApplication</web-resource-name>
> >>>>>>      <url-pattern>/*</url-pattern>
> >>>>>>    </web-resource-collection>
> >>>>>>    <auth-constraint>
> >>>>>>      <role-name>user</role-name>
> >>>>>>    </auth-constraint>
> >>>>>>  </security-constraint>
> >>>>>>  <security-role>
> >>>>>>    <role-name>user</role-name>
> >>>>>>  </security-role>
> >>>>>>
> >>>>>>see the tomcat docs for more info
> >>>>>>
> >>>>>>Matt
> >>>>>>
> >>>>>>>-----Original Message-----
> >>>>>>>From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
> >>>>>>>Sent: 20 July 2004 14:42
> >>>>>>>To: '[EMAIL PROTECTED]'
> >>>>>>>Subject: how to access Subject after authentification
> >>>>>>>
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>I am using JAAS authentication module to authenticate user within tomcat
> >>>>>>>5.0.27.
> >>>>>>>
> >>>>>>>After the authentication, I want to control access to resources (like ejb
> >>>>>>>deployed in weblogic application server).
> >>>>>>>
> >>>>>>>To control access, I have to use weblogic api with the Subject instance
> >>>>>>>delivered by authentication to tomcat.
> >>>>>>>
> >>>>>>>The problem is : how can I get the subject object.. I try
> >>>>>>>session.getAttribute( "javax.security.auth.subject" ); but it seems that I
> >>>>>>>can't access to this information !
> >>>>>>>
> >>>>>>>Any ideas?
> >>>>>>>
> >>>>>>>Thanks,
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
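
An added example, not part of the original thread: a small diagnostic for the two mechanisms discussed above, the login.config.url.N entries in java.security and the java.security.auth.login.config system property, showing which login configuration sources a JVM can actually see. The class name JaasConfigCheck is hypothetical, and the lookup it mirrors is assumed to be that of the JDK's default file-based JAAS configuration (the ConfigFile class in the stack trace).

```java
import java.io.File;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added example: reports where this JVM would find a JAAS login configuration. */
public class JaasConfigCheck {

    static List<String> sources() {
        List<String> out = new ArrayList<>();
        int usable = 0;
        // java.security entries: numbered from 1, reading stops at the first gap,
        // so a lone login.config.url.2 with no .1 entry is never seen.
        for (int n = 1; ; n++) {
            String url = Security.getProperty("login.config.url." + n);
            if (url == null) break;
            out.add("login.config.url." + n + " = " + url);
            usable++;
        }
        // System property, honoured only while policy.allowSystemProperty is true.
        String prop = System.getProperty("java.security.auth.login.config");
        boolean allowed = "true".equalsIgnoreCase(
                Security.getProperty("policy.allowSystemProperty"));
        if (prop != null) {
            String note = !allowed ? " (ignored: policy.allowSystemProperty is not true)"
                    : new File(prop).isFile() ? " (file exists)"
                    : " (no such file; valid only if it is a URL)";
            out.add("java.security.auth.login.config = " + prop + note);
            if (allowed) usable++;
        }
        // Fallback consulted only when nothing above is configured.
        File home = new File(System.getProperty("user.home"), ".java.login.config");
        if (usable == 0 && home.isFile()) {
            out.add("user.home fallback = " + home);
        }
        return out;
    }

    public static void main(String[] args) {
        List<String> found = sources();
        for (String s : found) System.out.println(s);
        if (found.isEmpty()) {
            System.out.println("No login configuration visible to this JVM");
        }
        // -DJAVA_OPTS=-Djava.security... defines a property named JAVA_OPTS,
        // not java.security.auth.login.config; report it if it is present.
        String stray = System.getProperty("JAVA_OPTS");
        if (stray != null) System.out.println("Stray property JAVA_OPTS = " + stray);
    }
}
```

Run it with the same JRE and the same JAVA_OPTS value that Tomcat is started with, so that it reads the same java.security file and system properties.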