hi, I have written a simple sample (a servlet), and wrote the new
LoginContext stuff. and it worked.
String userName = request.getParameter("userName");
String password = request.getParameter("password");
LoginContext lc = new LoginContext("PropertiesLoginModule", new
UsernamePasswordCallbackHandler(userName, password));
lc.login();
Subject subject = lc.getSubject();
I still have a question.
When I write code like this, I do not need to add the JAASRealm in
server.xml
I just need a login.config, users.properties, groups.properties
and a java.security.auth.login.config setting in system.properties.
I read some documents, it seems that tomcat will call the method
authenticate in JAASRealm Class,
and in this method, it uses the new LoginContext() and JAASCallbackHandler.
so that, i think if
I add the JAASRealm in server.xml, maybe I do not need to write code above.
after that, I try to add the <security-constraint> in web.xml, and when I
access the url,
it will open a dialog to input user and password, I try to input the user
and password that in the users.properties, but it does not work.
so I want to ask, how to use the JAASRealm?
here is some of my settings
groups.properties
admin=test
users.properties
test=test
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JAASRealm</realm-name>
</login-config>
My input of the popup dialog is "test" and "test", but I can not login.
Thanks.
--
View this message in context:
http://openejb.979440.n4.nabble.com/TomEE-Configure-JAAS-tp4662130p4662140.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
