The configuration of jaas realm needs two things:

1) Have the environment variable java.security.auth.login.config defined to a file that contains some definitions...
2) Have the so called file in a place accessible to tomcat, with the jaas configuration.

The solution I've used in my tomcat installation was:

1) alter %TOMCAT_HOME%/bin/catalina.bat to add the following line (in Unix it should be something similar):

    set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config==%CATALINA_HOME%/conf/jaas.conf

2) put the file "jaas.conf" inside the %TOMCAT_HOME%/conf.

jaas.conf contents:

    portalxxx {
        xxx.portal.security.LoginModule required debug=true;
    };

This done, in the server.xml file I have the following node:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="portalxxx"
           userClassNames="xxx.portal.security.UserPrincipal"
           roleClassNames="xxx.portal.security.RolePrincipal"
           debug="99"/>

These classes, xxx.portal.security.LoginModule, xxx.portal.security.UserPrincipal and xxx.portal.security.RolePrincipal are all implementations of the homonymous JAAS interface definitions.

Hope it helps...

shahab <[EMAIL PROTECTED]> wrote on 05/03/2007 16:16:41:

>
> Hi:
> I am trying to implement authentication and authorization using JAASRealm.
> (I am following the instruction provided at -
> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html).
>
> I have the following issue -
> I have created a class extending Principal for the role. I am setting the
> right name of the role (which I fetch from DB) and add the class to Subject.
> I have also made entries in server.xml as follows (I set debug to 0 hoping
> for more debug info) -
> <Realm className="org.apache.catalina.realm.JAASRealm"
>        appName="TMSLogin"
>        userClassNames="tms.core.authentication.TMSPrincipal"
>        roleClassNames="tms.core.authentication.TMSRoles"
>        debug="0"/>
>
> my entry in web.xml is the following -
> <security-constraint>
>   <display-name>AdminConstraint</display-name>
>   <web-resource-collection>
>     <web-resource-name>TMSAdmin</web-resource-name>
>     <description>Only for administrators</description>
>     <url-pattern>/admin/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <description/>
>     <role-name>ADMIN</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <security-role>
>   <description>ADMIN</description>
>   <role-name>ADMIN</role-name>
> </security-role>
>
> the getName() of the TMSRoles instance returns "ADMIN", which should allow
> url /admin/*.
>
> However, I am still getting HTTP 403.
>
> Please help.
>
> thanx
> Shahab