Hi Wendy,
If you set up tomcat to use the JAAS realm, then tomcat will set up a
LoginContext, which is what you configure by pointing it to your
LoginModule(s).
You either code your LoginModule or perhaps use the Sun one you mention
(if the code does what it's meant to), you just need to configure it
with the right options.
The User and Role classes are more or less simple DTOs, one User object
for the user and x Role objects for each role the User is in.
Getting the classes all in the classpath is obviously important, and
depending on how tomcat does it, you might need to jar them up
separately from your app and put them in the internal tomcat lib dir.
HTH
Adam
C.F. Scheidecker Antunes on 13/08/05 00:54, wrote:
Wendy,
Check out this article on JAAS with LDAP. I am sure that it might not be
as hard to use Kerberos. I've seen an example of the userClassNames and
roleClassNames somewhere this week. Let me see if I find it and I will
forward it to you.
The article on JAAS is at:
http://www.theserverside.com/articles/article.tss?l=Pramati-JAAS
Wendy Smoak wrote:
As I mentioned earlier today, we've licensed a (Struts-based, so I'm
not *entirely* off topic) third-party webapp that comes pre-configured
to do LDAP authentication. We, of course, do not have LDAP. We have
Kerberos. Easy enough, I thought... surely there's a KerberosRealm I
can configure and plug in. Apparently not.
I can successfully authenticate with Kerberos at the command line
using the code in the tutorial:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html
I can not, however, figure out what I'm supposed to do to fit that
part into the Catalina JAASRealm, as described here:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JAASRealm
The first thing it says is "Write your own LoginModule".
(Frightening... *I* have to talk to the Kerberos service?) But
there's already com.sun.security.auth.module.Krb5LoginModule which is
used in the tutorial, so maybe not. I have that in
$CATALINA_HOME/conf/jaas.config with JAVA_OPTS set properly.
And that's about as far as I can get. When I go to configure
server.xml, it wants class names for users and roles:
<Realm className="org.apache.catalina.realm.JAASRealm"
       appName="JaasSample"
       userClassNames="???"
       roleClassNames="???"
       debug="99"/>
Even if I write a couple of classes and fill in the blanks, I don't
see what's ever going to instantiate them.
What am I missing? This can't be as hard as I'm making it.
Thanks,
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
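
On what instantiates the user and role objects, an added example (not code from this thread or from Tomcat): the LoginModule creates the principals in commit(), and JAASRealm then sorts them by class name. It assumes Krb5LoginModule has already put a javax.security.auth.kerberos.KerberosPrincipal in the Subject, so that class could be given as userClassNames; StaticRoleLoginModule, RolePrincipal and the "role" option are hypothetical names.

```java
// Added example. Hypothetical names: StaticRoleLoginModule, RolePrincipal, option "role".
// Assumed jaas.config entry, stacked after the Kerberos module:
//   JaasSample {
//     com.sun.security.auth.module.Krb5LoginModule required;
//     StaticRoleLoginModule required role="appuser";
//   };
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class StaticRoleLoginModule implements LoginModule {

    // Role holder; roleClassNames would name it as StaticRoleLoginModule$RolePrincipal.
    public static final class RolePrincipal implements Principal {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private String role;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.role = (String) options.get("role"); // option of this example module
    }

    // Authentication itself is left to Krb5LoginModule earlier in the stack.
    @Override public boolean login() { return true; }

    @Override
    public boolean commit() throws LoginException {
        // Fail closed: grant the role only if a Kerberos identity was committed before us.
        if (role == null || subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
            throw new LoginException("no Kerberos principal in Subject, or no role option");
        }
        subject.getPrincipals().add(new RolePrincipal(role)); // this is the instantiation
        return true;
    }

    @Override public boolean abort() { return true; }

    @Override public boolean logout() {
        subject.getPrincipals().removeAll(subject.getPrincipals(RolePrincipal.class));
        return true;
    }
}
```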