geronimo-user mailing list archives

From Yeray Cabrera <yeray.cabr...@integraas.com>
Subject Re: JAAS configuration in geronimo
Date Thu, 23 Mar 2006 09:38:27 GMT
Hi all,

I have a problem with my custom security realm.

I got my web-app deployed with my custom security-realm (including 
dependencies, ...). It works fine, but when in my code I run 
HttpServletRequest.isUserInRole("role"), it always returns false.

I debugged my code ... userPrincipal had the correct name and subjects 
but roles is null (it is a JAASTomcatPrincipal).

Then, I debugged with the geronimo source and I saw that my web-app used the 
org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm and should use 
org.apache.geronimo.tomcat.realm.TomcatJAASRealm to assign the roles to 
JAASTomcatPrincipal with the subject.

Looking at the wiki I saw http://wiki.apache.org/geronimo/Tomcat and I put 
this code in my geronimo-web.xml plan:

....
    <container-config container="Tomcat">
        <config-param name="TomcatJAASRealm">TomcatJAASRealm</config-param>
    </container-config>
....
    <gbean name="TomcatJAASRealm" class="org.apache.geronimo.tomcat.RealmGBean">
        <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatJAASRealm</attribute>
        <attribute name="initParams">
            userClassNames=com.ias.ibms.auth.IBMSUser
            roleClassNames=com.ias.ibms.auth.IBMSRole
        </attribute>
    </gbean>

But it doesn't work :(

Does somebody know how I can set it to use TomcatJAASRealm instead of 
TomcatGeronimoRealm?

    Thanks

    Yeray Cabrera!

Aaron Mulder wrote:
> So we override the default JAAS file-based configuration mechanism
> with a configuration system of our own based on Geronimo components
> (GBeans).
>
> If you are doing this for a web application and you can use the normal
> J2EE login routines, you can configure your login module as a Geronimo
> security realm and let J2EE/Geronimo handle the login.
>
> If you are intentionally avoiding the J2EE login handling, then you
> probably need to rewrite your JAAS configuration as a Geronimo service
> configuration (we have GBeans that wrap login module configuration,
> etc.).  You'll also need to put your classes in a JAR in the
> repository (geronimo/repository/whatever/your-login-code-1.0.jar).  It
> will probably be a little painful to write the configuration plan, but
> hey, you only need to do it once.  :)
>
> If you're going to need to write the plan, can you post the relevant
> section from your existing JAAS config file?
>
> Thanks,
>     Aaron
>
> On 3/20/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>   
>> Hi Aaron,
>>
>> Sorry, should have been more descriptive.
>>
>> I create a loginContext and pass it in the name of the config file and hand it the custom login call back handler.
>>
>> Then the login method is called; it goes back and grabs the user from a MySQL database. If the user exists and the credentials fit, we figure out their role and send them on their way.  If not, it throws a Login Exception and punts them back to the login page.
>>
>> Hopefully this helps.
>>
>> Thanks,
>> Eric
>>
>> "Aaron Mulder" <ammulder@alumni.princeton.edu>
>> Sent by: ammulder@gmail.com
>> 20/03/2006 09:50 AM
>> Please respond to user@geronimo.apache.org
>> To: user@geronimo.apache.org
>> Subject: Re: JAAS configuration in geronimo
>>
>> How are you planning to use this JAAS component?  For example, is it a
>>  LoginModule that you want to use to validate logins to the web
>>  container?
>>
>>  Thanks,
>>      Aaron
>>
>>  On 3/20/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>>  > Sorry... let's try that with a subject heading
>>  > .....
>>  >
>>  > Eric Cho/Kryos
>>  > 20/03/2006 09:44 AM
>>  > To: user@geronimo.apache.org
>>  >
>>  >  Hi all,
>>  >
>>  >  I'm trying to port an app over to WAS CE (which we all know is geronimo with an ibm admin console).
>>  >
>>  > I have a JAAS component and I'm having trouble configuring it.
>>  >
>>  >  In tomcat it's as easy as opening the tomcat properties dialogue, going to the java tab and adding the following under java options:
>>  >  -Djava.security.auth.login.config=C:\Tomcat 5.5\conf\JAASConfig\thisSitesSecurity.config
>>  >
>>  >  How do I go about doing it in WAS CE? In the config.xml or the geronimo-web.xml?
>>  >
>>  >  Any help would be appreciated,
>>  >
>>  > Eric
>
>   
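
An added example, not part of the original thread and not Geronimo's own code: it illustrates what the userClassNames/roleClassNames settings in the plan above are for, assuming the realm treats a principal in the authenticated Subject as a role only when its class name is listed (the rule Tomcat's JAASRealm documents). RoleMappingDemo, DemoUser and DemoRole are hypothetical stand-ins for the poster's principal classes; with a mismatched class name the role list comes back empty, which is the condition under which isUserInRole() returns false.

```java
import java.io.StringReader;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RoleMappingDemo {
    // Hypothetical stand-ins for the poster's IBMSUser / IBMSRole classes (Java 16+ records).
    record DemoUser(String name) implements Principal { public String getName() { return name; } }
    record DemoRole(String name) implements Principal { public String getName() { return name; } }

    // Read one comma-separated class-name list out of an initParams-style block.
    static Set<String> classNames(String initParams, String key) throws Exception {
        Properties props = new Properties();
        props.load(new StringReader(initParams));
        return new HashSet<>(Arrays.asList(props.getProperty(key, "").trim().split("\\s*,\\s*")));
    }

    // Assumed matching rule: a principal contributes a role only if its
    // fully qualified class name appears in roleClassNames.
    static List<String> rolesFor(Subject subject, Set<String> roleClassNames) {
        List<String> roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals())
            if (roleClassNames.contains(p.getClass().getName())) roles.add(p.getName());
        return roles;
    }

    public static void main(String[] args) throws Exception {
        // Constructed Subject, populated the way a LoginModule's commit() would.
        Subject subject = new Subject();
        subject.getPrincipals().add(new DemoUser("alice"));
        subject.getPrincipals().add(new DemoRole("admin"));

        // Configuration that names the classes actually present in the Subject.
        String matching = "userClassNames=" + DemoUser.class.getName() + "\n"
                        + "roleClassNames=" + DemoRole.class.getName() + "\n";
        // The plan's values from the thread: different classes than this demo Subject holds.
        String mismatched = "userClassNames=com.ias.ibms.auth.IBMSUser\nroleClassNames=com.ias.ibms.auth.IBMSRole\n";

        System.out.println("matching:   " + rolesFor(subject, classNames(matching, "roleClassNames")));
        System.out.println("mismatched: " + rolesFor(subject, classNames(mismatched, "roleClassNames")));
        // Diagnostic: the exact class names the realm configuration has to list.
        for (Principal p : subject.getPrincipals())
            System.out.println(p.getClass().getName() + " -> " + p.getName());
    }
}
```

Printing the principal class names from the real Subject in the same way shows whether the configured names match what the login module actually adds.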
