Maybe I read too quickly (that's really possible ;)) but did you call
request.login() in a filter around the REST service?

*Romain Manni-Bucau*
*Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
*Blog: http://rmannibucau.wordpress.com/*
*LinkedIn: http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>

> Thanks Romain....once again.
>
> So the combo for SQLLoginModule is
>          <Realm className="org.apache.catalina.realm.JAASRealm"
>                 appName="SQLLoginApp"
>                 userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
>                 roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
>          </Realm>
>
> This works now :) yay.
>
> Last issue on my side, I presume this might be related to the isCallerInRole
> issue, I'll test this now quickly with latest snapshot.
>
> I'm trying to authorize the user on a rest service
>
> @Path("/locations")
> @Singleton
> @Lock(LockType.WRITE)
> @RolesAllowed({"admin"})
> public class LocationService {
>         ....
> }
>
> If I read everything correctly (and man I read a lot) the security should
> be used from Tomcat's side.
> Is there something else I need to configure to get the above working, or
> am I off track (suggestions welcome, new to rest security) or could this
> be related to the isCallerInRole issue?
>
> Thanks
> Derick
>
>
> -----Original Message-----
> From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> Sent: Wednesday, October 17, 2012 4:03 PM
> To: users@openejb.apache.org
> Subject: Re: TomEE and Jaas SQLLoginModule
>
> hmm,
>
> we had isCallerInRole broken, not sure it is linked. If you can give it a
> try on the snapshot it could save us some time :).
>
> BTW personally I used:
>
>       <Realm className="org.apache.catalina.realm.JAASRealm"
>              appName="PropertiesLoginModule"
>              userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
>              roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
>       </Realm>
>
>
>
> 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
>
> > Got to the next point :(
> >
> > I can see the module is now being loaded and sql is correct (broke the sql
> > to verify exceptions) but I can't seem to get the roles to work. I even
> > 'hard coded' the sql to return the correct role manager-gui but I still get
> > "403 Access Denied".
> >
> > So authentication works but authorization seems to fail. I have checked my
> > code and confirmed the process works as expected. The only place I'm not
> > sure of is the below:
> >          <Realm className="org.apache.catalina.realm.JAASRealm"
> >                 appName="SQLLoginApp"
> >                 userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> >                 roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> >          </Realm>
> >
> > I'm not sure about the userClassNames & roleClassNames classes. I copied
> > this from the PropertiesLoginApp examples for jaas on site.
> >
> > Anyone else with experience here?
> > At this point I'm feeling the container is doing some magic I'm not aware
> > of as everything else looks fine.
> >
> > Thanks for the help
> >
> > Regards
> > Derick
> >
> > -----Original Message-----
> > From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> > Sent: Wednesday, October 17, 2012 2:01 PM
> > To: users@openejb.apache.org
> > Subject: Re: TomEE and Jaas SQLLoginModule
> >
> > Hi,
> >
> > did you try set CATALINA_OPTS="c:/complete/path/login.conf" before
> > startup.sh?
> >
> >
> > 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
> >
> > > Hi Guys,
> > >
> > > I'm really struggling to implement the SQLLoginModule for JAAS based
> > > authentication in TomEE Rest.
> > >
> > > I have followed the guide on http://tomee.apache.org/tomee-jaas.html
> > > replacing it with the below server.xml:
> > >      <Realm className="org.apache.catalina.realm.LockOutRealm">
> > >          <Realm className="org.apache.catalina.realm.JAASRealm"
> > >                 appName="SQLLoginApp"
> > >                 userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> > >                 roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> > >          </Realm>
> > >      </Realm>
> > >
> > > conf/login.config:
> > > SQLLoginApp {
> > >     org.apache.openejb.core.security.jaas.SQLLoginModule required
> > >     dataSourceName="jdbc/db"
> > >     userSelect="select ..... "
> > >     groupSelect="select ..... "
> > > };
> > >
> > > And starting tomee with the following:
> > > startup.bat
> > > -Djava.security.auth.login.config=$CATALINA_HOME\conf\login.config
> > >
> > > Getting:
> > > Oct 17, 2012 1:52:00 PM org.apache.catalina.realm.JAASRealm authenticate
> > > SEVERE: Unexpected error
> > > javax.security.auth.login.LoginException: No LoginModules configured for SQLLoginApp
> > >
> > > Seems it's not picking up the login.config file. I have tried every
> > > possible combination to load it \, reverse /, full path, no path, login
> > > under bin....
> > >
> > > Just can't get it to pick it up
> > >
> > > Any help would be appreciated.
> > >
> > > Regards
> > > Derick
> > >
> >
>
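
A check for the first failure in the thread (`No LoginModules configured for SQLLoginApp`), added here as an example and not taken from the thread or from TomEE: it asks the JVM's JAAS `Configuration` whether the file named by `java.security.auth.login.config` exists and contains the application name. `JaasConfigCheck` and `check` are names made up for this example, and it assumes the property holds a plain file path.

```java
import java.io.File;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Run with the same -D option the container is supposed to receive, e.g.
//   java -Djava.security.auth.login.config=<path to login.config> JaasConfigCheck.java SQLLoginApp
public class JaasConfigCheck {

    // Returns a human-readable verdict for one JAAS application name.
    static String check(String appName) {
        String path = System.getProperty("java.security.auth.login.config");
        if (path == null) {
            return "java.security.auth.login.config is not set in this JVM";
        }
        // Assumption: the property is a file path (JAAS also accepts a URL here).
        if (!new File(path).isFile()) {
            return "property is set to '" + path + "' but no such file exists";
        }
        AppConfigurationEntry[] entries;
        try {
            entries = Configuration.getConfiguration().getAppConfigurationEntry(appName);
        } catch (SecurityException e) {
            return "login configuration could not be loaded: " + e.getMessage();
        }
        if (entries == null || entries.length == 0) {
            return "file loaded, but it has no entry named '" + appName + "'";
        }
        StringBuilder out = new StringBuilder("entry '" + appName + "' found:");
        for (AppConfigurationEntry e : entries) {
            out.append("\n  ").append(e.getLoginModuleName())
               .append(" [").append(e.getControlFlag()).append(']');
            for (String key : e.getOptions().keySet()) {
                // Option names only: the values can hold SQL or credentials.
                out.append("\n    option: ").append(key);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(check(args.length > 0 ? args[0] : "SQLLoginApp"));
    }
}
```

An unexpanded variable such as a literal `$CATALINA_HOME` in the path shows up here as the "no such file exists" case.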
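
The second problem in the thread (login succeeds, then `403`) comes down to how `userClassNames` and `roleClassNames` are matched: a principal counts as the user or as a role only when its class name equals one of the configured names. The following is an added illustration, not code from the thread or from Tomcat/TomEE; the nested `UserPrincipal` and `GroupPrincipal` classes, the user `alice` and the `classify` helper are constructed stand-ins.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;

public class RealmPrincipalMatch {
    // Constructed stand-ins for the principal classes a LoginModule adds to the Subject.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static class UserPrincipal extends Named { UserPrincipal(String n) { super(n); } }
    static class GroupPrincipal extends Named { GroupPrincipal(String n) { super(n); } }

    // Same rule as userClassNames / roleClassNames: only an exact class-name match counts.
    static String classify(Subject s, List<String> userClasses, List<String> roleClasses) {
        String user = null;
        List<String> roles = new ArrayList<>();
        for (Principal p : s.getPrincipals()) {
            String cls = p.getClass().getName();
            if (user == null && userClasses.contains(cls)) user = p.getName();
            if (roleClasses.contains(cls)) roles.add(p.getName());
        }
        return "user=" + user + " roles=" + roles;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();                       // constructed sample login result
        subject.getPrincipals().add(new UserPrincipal("alice"));
        subject.getPrincipals().add(new GroupPrincipal("admin"));
        for (Principal p : subject.getPrincipals()) {
            System.out.println("emitted: " + p.getClass().getName() + " -> " + p.getName());
        }
        // Class names from the first attempt in the thread: nothing in the Subject matches them.
        String old = "org.apache.openejb.core.security.AbstractSecurityService$";
        System.out.println("first attempt's names: " + classify(subject,
                Arrays.asList(old + "User"), Arrays.asList(old + "Group")));
        // Names equal to the classes actually emitted: user and role are both recognised.
        System.out.println("emitted class names:   " + classify(subject,
                Arrays.asList(UserPrincipal.class.getName()),
                Arrays.asList(GroupPrincipal.class.getName())));
    }
}
```

With the mismatched names the role list is empty, so a `@RolesAllowed({"admin"})` check has nothing to match against.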
