Hi all,
I have a problem with my custom security realm.
I got my web-app deployed with my custom security realm (including
dependencies, ...). It works fine, but when my code runs
HttpServletRequest.isUserInRole("role"), it always returns false.
I debugged my code ... userPrincipal had the correct
name and subjects but roles is null (it is a JAASTomcatPrincipal).
Then I debugged with the Geronimo source and saw that my web-app used
the org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm and should use
org.apache.geronimo.tomcat.realm.TomcatJAASRealm to assign the roles
to the JAASTomcatPrincipal with the subject.
Looking at the wiki I saw http://wiki.apache.org/geronimo/Tomcat and I
put this code in my geronimo-web.xml plan:
....
<container-config container="Tomcat">
    <config-param name="TomcatJAASRealm">TomcatJAASRealm</config-param>
</container-config>
....
<gbean name="TomcatJAASRealm"
       class="org.apache.geronimo.tomcat.RealmGBean">
    <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatJAASRealm</attribute>
    <attribute name="initParams">
        userClassNames=com.ias.ibms.auth.IBMSUser
        roleClassNames=com.ias.ibms.auth.IBMSRole
    </attribute>
</gbean>
But it doesn't work :(
Does somebody know how I can set it to use TomcatJAASRealm instead of
TomcatGeronimoRealm?
Thanks
Yeray Cabrera!
Aaron Mulder wrote:
So we override the default JAAS file-based configuration mechanism
with a configuration system of our own based on Geronimo components
(GBeans).
If you are doing this for a web application and you can use the normal
J2EE login routines, you can configure your login module as a Geronimo
security realm and let J2EE/Geronimo handle the login.
If you are intentionally avoiding the J2EE login handling, then you
probably need to rewrite your JAAS configuration as a Geronimo service
configuration (we have GBeans that wrap login module configuration,
etc.). You'll also need to put your classes in a JAR in the
repository (geronimo/repository/whatever/your-login-code-1.0.jar). It
will probably be a little painful to write the configuration plan, but
hey, you only need to do it once. :)
If you're going to need to write the plan, can you post the relevant
section from your existing JAAS config file?
Thanks,
Aaron
On 3/20/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi Aaron,
Sorry, should have been more descriptive.
I create a LoginContext, pass in the name of the config file, and hand it the custom login callback handler.
Then the login method is called; it goes back and grabs the user from a MySQL database. If the user exists and the credentials fit, we figure out their role and send them on their way. If not, it throws a Login Exception and punts them back to the login page.
Hopefully this helps.
Thanks,
Eric
"Aaron Mulder" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
20/03/2006 09:50 AM
Please respond to
[email protected]
To [email protected]
cc
Subject Re: JAAS configuration in geronimo
How are you planning to use this JAAS component? For example, is it a
LoginModule that you want to use to validate logins to the web
container?
Thanks,
Aaron
On 3/20/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Sorry... let's try that with a subject heading
> .....
>
> Eric Cho/Kryos
> 20/03/2006 09:44 AM
> To [email protected]
> cc
> Subject
>
> Hi all,
>
> I'm trying to port an app over to WAS CE (which we all know is Geronimo with an IBM admin console).
>
> I have a JAAS component and I'm having trouble configuring it.
>
> In Tomcat it's as easy as opening the Tomcat properties dialogue, going to the Java tab and adding the following under Java options:
> -Djava.security.auth.login.config=C:\Tomcat 5.5\conf\JAASConfig\thisSitesSecurity.config
>
> How do I go about doing it in WAS CE? In the config.xml or the geronimo-web.xml?
>
> Any help would be appreciated,
>
> Eric
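Added example, not part of the thread and not Geronimo or Tomcat code: how a realm configured with userClassNames and roleClassNames can derive the user name and roles from a JAAS Subject by principal class name, which is the step the first message expects TomcatJAASRealm to perform. The nested IBMSUser and IBMSRole records, the Mapped type and the map helper are hypothetical stand-ins for illustration; Java 16+ is assumed.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RoleMappingDemo {
    // Hypothetical stand-ins for the poster's com.ias.ibms.auth.IBMSUser / IBMSRole classes.
    record IBMSUser(String name) implements Principal { public String getName() { return name; } }
    record IBMSRole(String name) implements Principal { public String getName() { return name; } }

    // What the container needs after login: a user name and the role set isUserInRole() consults.
    record Mapped(String user, Set<String> roles) {
        boolean isUserInRole(String role) { return roles.contains(role); }
    }

    // Classify each principal in the Subject by its class name. Principals whose class is in
    // neither list are ignored, so an unconfigured role class silently yields no roles.
    static Mapped map(Subject subject, Set<String> userClassNames, Set<String> roleClassNames) {
        String user = null;
        Set<String> roles = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            String cls = p.getClass().getName();
            if (user == null && userClassNames.contains(cls)) {
                user = p.getName();
            } else if (roleClassNames.contains(cls)) {
                roles.add(p.getName());
            }
        }
        if (user == null) throw new SecurityException("no principal of a configured user class");
        return new Mapped(user, roles);
    }

    public static void main(String[] args) {
        // Constructed sample Subject, as a LoginModule's commit() might leave it.
        Subject s = new Subject();
        s.getPrincipals().add(new IBMSUser("alice"));
        s.getPrincipals().add(new IBMSRole("admin"));
        s.getPrincipals().add(new IBMSRole("auditor"));
        Set<String> users = Set.of(IBMSUser.class.getName());
        Set<String> roleCfg = Set.of(IBMSRole.class.getName());

        // Role classes configured: the role principals become container roles.
        System.out.println("admin (mapped): " + map(s, users, roleCfg).isUserInRole("admin"));
        // Role classes not recognised: login still succeeds, the user name is set, but every
        // role check is denied. That matches the symptom described (name present, roles empty).
        System.out.println("admin (unmapped): " + map(s, users, Set.of()).isUserInRole("admin"));
    }
}
```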