Re: Custom JAAS LoginModule not authorizing GenericPrincipal roles

Tue, 19 Dec 2006 18:50:16 -0800 

Hi Joe,
This is my commit(). I think you are missing the User Principle. When you say request.getUserPrincipal(), that token (1) I am putting in first comes back. The Principles you add after that are the roles you want to test against. This stuff drove me nuts when I was setting it up. Hope that does it for you. 

John

public boolean commit() throws LoginException {
       log.debug( "Commit login." );

       if ( token != null ) {
           if ( subject.isReadOnly() ) {
               throw new LoginException( "Subject is Readonly" );
           }

****** (1) Add User Priciple first *************
           subject.getPrincipals().add( token );

           List<Permission> permissions = token.getPermissions();
           Set<Principal> jaasPermissions = subject.getPrincipals();
           for ( Permission permission : permissions ) {
               jaasPermissions.add( permission );
           }
       }

       token = null;
       return true;
   }



I'm trying to use my own LoginModule. Its is successfully authenticating

my username but the problem is when its trying to authorize my roles. 


Tried:

1. Here is the code snippet from my LoginModule commit method. 
Code:


 List roles = new ArrayList();
 roles.add( "tomcat_auth_role" );
 GenericPrincipal gp = new GenericPrincipal(null, username, null,
roles);
 subject.getPrincipals().add(gp);

3. Added following to server.xml:
Code:

     <Realm className="org.apache.catalina.realm.JAASRealm"
                appName="Tomcat"

userClassNames="org.apache.catalina.realm.GenericPrincipal"

roleClassNames="org.apache.catalina.realm.GenericPrincipal"
                useContextClassLoader="true"
                debug="2"/>

3. Added following to web.xml:
Code:

   <auth-constraint>
     <role-name>tomcat_auth_role</role-name>
   </auth-constraint>


Any help would be greatly appreciated. 


Cheers
Joe

------------------------------------------------------------------------------

This email is confidential and may be legally privileged.

It is intended solely for the addressee. Access to this email by anyone else, 
unless expressly approved by the sender or an authorized addressee, is 
unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution or 
any action omitted or taken in reliance on it, is prohibited and may be 
unlawful. If you believe that you have received this email in error, please 
contact the sender, delete this e-mail and destroy all copies.

==============================================================================


 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to