Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 17975 invoked from network); 20 Sep 2006 15:23:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 20 Sep 2006 15:23:03 -0000 Received: (qmail 74758 invoked by uid 500); 20 Sep 2006 15:22:55 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 74661 invoked by uid 500); 20 Sep 2006 15:22:55 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 74650 invoked by uid 99); 20 Sep 2006 15:22:55 -0000 Received: from idunn.apache.osuosl.org (HELO idunn.apache.osuosl.org) (140.211.166.84) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Sep 2006 08:22:55 -0700 Authentication-Results: idunn.apache.osuosl.org header.from=sreepriya_ramakrishnan@yahoo.com; domainkeys=good X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS DomainKey-Status: good X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 Received: from [66.196.97.91] ([66.196.97.91:34367] helo=web56902.mail.re3.yahoo.com) by idunn.apache.osuosl.org (ecelerity 2.1.1.8 r(12930)) with ESMTP id C8/94-01963-9CC51154 for ; Wed, 20 Sep 2006 08:22:50 -0700 Received: (qmail 41944 invoked by uid 60001); 20 Sep 2006 15:22:46 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=ZFvmmYfjiDBGrRN1cNJi8QUcUWYX2aGmApPAElnq8wSWRRGUFhMIYRv8So3/4PBYe74h4WyFACi8pnphtdGZskg8VecHfLqXkIOudqd1tMTdUMR+mAtCSa3ASFIqlt58IW5hXc1WZgmZnQE3S+/RobNf8p3+LGmxtz7dTQMZwH8= ; Message-ID: <20060920152246.41942.qmail@web56902.mail.re3.yahoo.com> Received: from [205.189.242.115] by web56902.mail.re3.yahoo.com via HTTP; Wed, 20 Sep 2006 08:22:46 PDT Date: Wed, 20 Sep 2006 08:22:46 -0700 (PDT) From: sreepriya ramakrishnan Subject: Re: Help with JAAS and Geronimo To: user@geronimo.apache.org In-Reply-To: <74e15baa0609200809x54d04babp5c8a2e9ce529cb32@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N The JAAS login module should connect to LDAP and collect the Users details like lastname.phone number, fax number , and other details and this should be made available to the application. Also, in cases of errors or exceptions in JAAS authentication, the User should be forwarded to a Login JSP page. So I was thinking that if I am able to call a module in the Servletfilter, then I should be able to forward the User to other pages when needed and also put the user details in session as a Servlet Filter has access to httpServletRequest. Please let me know how to achieve this in Geronimo and what is the concept of realms here. Thanks, Priya --- Aaron Mulder wrote: > What's the "collecting user details" part of this? > > For example, if you use J2EE security and HTTP Basic > authentication, > you can have the user's username and password > (provided by HTTP Basic > auth) resolved against a JAAS LoginModule > (configured as a Geronimo > security realm) and no servlet filter is necessary. > That will let the > application access the current user's username, and > check whether > they're in any particular J2EE security role to make > finer-grained > authorization decisions. > > It would not, however, let you look up the user's > address and phone > number, even if that was somehow stuffed into the > Subject by the JAAS > LoginModule. > > How well does this fit what you're trying to do? > > Thanks, > Aaron > > On 9/20/06, sreepriya ramakrishnan > wrote: > > Hi, > > > > These are the requirements: > > > > The application should use a HTTP Basic > authentication > > with JAAS for authentication user and collecting > user > > details. > > > > In all examples related to JAAS, I see that they > use a > > Servlet Filter which uses a LoginContext to invoke > the > > JAAS loginModule and then they populate the User > > Details in the Subject.They then use the same > > logincontext to retrieve the User details from the > > Subject. > > Doing it this way will enable me to populate the > > userdetails in session so that it is available to > the > > application. > > > > I am not sure how to achieve this with Geronimo. > > > > Thanks, > > Priya > > > > --- Aaron Mulder > > wrote: > > > > > Can you say a little more about what you're > trying > > > to do? For > > > example, why are you accessing JAAS via a > Servlet > > > Filter instead of > > > just using J2EE security? It is possible for > you to > > > access Geronimo > > > security features from a filter but the best way > may > > > depend on what > > > you're trying to accomplish. > > > > > > Thanks, > > > Aaron > > > > > > On 9/20/06, sreepriya ramakrishnan > > > wrote: > > > > Hi , > > > > > > > > I am having problems understanding how > geronimo > > > and > > > > JAAS work together. > > > > > > > > If I want to use a ServletFilter to access a > > > Geronimo > > > > deployed custom LOgin Module. How will I do > that > > > and > > > > how will the configuration in Geronimo be? > Should > > > I > > > > use Security realms ?? > > > > > > > > Your help will be greatly appreciated. I have > > > been > > > > stuck with this for quite sometime now and > was > > > > wondering if you can help me. > > > > > > > > Thanks, > > > > Priya > > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Tired of spam? Yahoo! Mail has the best spam > > > protection around > > > > http://mail.yahoo.com > > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com