incubator-jspwiki-user mailing list archives

From Andrew Jaquith <andrew.jaqu...@mac.com>
Subject Re: JAAS with JSPWiki
Date Tue, 24 Jun 2008 18:35:42 GMT
Actually, you need to make sure that container-managed authentication  
is enabled in JSPWiki. You can do this by **uncommenting** the  
security constraints in web.xml. That is the opposite of what you said  
you did (you said you commented them out).

Here's the methodology I'd use to solve the problem.

1. Turn on container-managed auth in JSPWiki by uncommenting the  
security constraints.

2. Once you have turned on container-managed auth in JSPWiki, you need
to make sure the container realm itself is working properly. You might
want to use a very simple container realm first (for example, the
memory realm that consults conf/tomcat-users.xml), instead of your
custom JAAS realm. When you log in via the container's realm, you should
be able to see this principal propagated to JSPWiki.
SecurityConfig.jsp should confirm that container auth works.

3. After verifying that 1) basic container authentication works and 2)  
JSPWiki recognizes the credentials, next try using Tomcat's JAASRealm  
instead, using your custom JAAS authentication module.

If this doesn't work, you should try using one of Tomcat's supplied
JAAS LoginModules instead to verify that it really is with your
module. If you've determined that the problem is with your custom JAAS
LoginModule, start Tomcat via "$CATALINA_HOME/bin/catalina.sh jpda
start", fire up Eclipse and attach a debugger to the module. You'll
find the problem soon enough.

4. Finally, once you get done with that, then you can turn on the SSO  
valve.

Andrew


On Jun 24, 2008, at 2:06 PM, Ramya KGrama wrote:

> Hello,
> I have been trying to implement JAAS login with JSPWiki on Tomcat. We are
> using JSPWiki 2.6.2 with Tomcat 5.5.
> We have an existing web application (mainApp) that does not use JAAS.
> However, we would like to use JSPWiki as a portal with a single-sign-on
> feature - meaning when the user logs into our mainApp the user clicks on a
> link to JSPWiki application. At this point, we would like to automatically
> authenticate the user with appropriate roles and permissions and log him
> into JSPWiki.
>
> To achieve this, I have done the following, but it doesn't seem to work:
>
> 1. Tomcat server.xml:
> a. I've added a <Context> tag for JSPWiki application and <Context> tag for
> mainApp with crossContext=true in both.
> b. Added a <Realm> entry as such:
>        <Realm className="org.apache.catalina.realm.JAASRealm"
>               appName="JSPWiki-custom"
>               userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile"
>               roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role"
>               debug="99"/>
> c. Enabled SingleSignOn by adding the <Valve> tag within the <Host> tag as
> such:
>        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>
> 2. Placed my login module (JAASLoginModule's) jar file JAASLoginLM.jar in
> %TOMCAT_HOME%/common/lib folder.
>   In the JAASLoginModule itself I am using HttpRequestCallback just like
> the SiteMinderLoginModule example:
> http://www.jspwiki.org/wiki/Security2.3WishList
>
> 3. I added the entries for the login module in jspwiki.policy towards the
> end as such:
>
> // grant LoginModule permissions
> grant codebase "file:${catalina.home}/common/lib/JaasLoginLM.jar" {
>    permission javax.security.auth.AuthPermission "modifyPrincipals";
> };
> grant codebase "file:${catalina.home}/common/lib/JaasLoginAzn.jar" {
>    permission javax.security.auth.AuthPermission "createLoginContext.jaaslogin";
>    permission javax.security.auth.AuthPermission "doAsPrivileged";
> };
>
> 4. In jspwiki.properties file I enabled JAAS as such:
> jspwiki.security = jaas
>
> 5. On tomcat startup I specify the policy file and jaas file settings as
> such:
> -Djava.security.auth.login.config==C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.jaas
> -Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.policy
>
> 6. Disabled container managed authentication in
> <TOMCAT_HOME>/webapps/web.xml by commenting the <security-constraint>
> section and in jspwiki.properties set
> jspwiki.userdatabase.isSharedWithContainer = false
>
> Now, I restart the server and launch the mainApp and log in. After logging
> in, I click on the link to JSPWiki (http://<hostname:port>/JSPWiki/Wiki.jsp)
> - which takes me to the main page as an "Anonymous" user.
>
> I don't see JAAS being used. The logs do not show any debug messages from my
> JAASLoginModule. Instead it says -
> "Checking JAAS configuration...JAAS already configured by some other
> application (leaving it alone...)"
>
> My security configuration verifier (SecurityConfig.jsp) says that it found
> jspwiki.jaas. It doesn't show any errors - except that it says
> "We found some errors with your configuration: Policy file does not have a
> keystore... at least not one that we can locate."
> Do I need jspwiki.jks file and an entry in policy file - keystore
> jspwiki.jks? - Currently I DO NOT have the keystore file.
>
> Do I need to programmatically create the LoginContext and call the login()
> method in the JSP?
> My understanding was that all that would happen automatically in the
> background.
> I am sure I'm missing something.
>
>
> Your help is greatly appreciated!
> Thanks.
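
The staged sequence from the reply above, laid out as configuration fragments so that only one thing changes per step. This is an added example, not part of either message: the test account, its password and the ROLE_FROM_WEB_XML placeholder are constructed, while the JAASRealm attributes and the SingleSignOn valve are copied as posted in the quoted message.

```xml
<!-- Step 1: JSPWiki's web.xml
     Uncomment the <security-constraint> blocks that are already in the file.
     Note the role name(s) inside their <auth-constraint> elements; the test
     account below must hold one of them. ROLE_FROM_WEB_XML is a placeholder. -->

<!-- Step 2a: conf/tomcat-users.xml
     One throwaway account for the test (constructed values; remove afterwards). -->
<tomcat-users>
  <role rolename="ROLE_FROM_WEB_XML"/>
  <user username="realmtest" password="CHANGE_ME" roles="ROLE_FROM_WEB_XML"/>
</tomcat-users>

<!-- Step 2b: conf/server.xml
     Simple memory realm; it reads conf/tomcat-users.xml by default.
     Keep the JAASRealm commented out while this one is active, so a failed
     login can only come from the web.xml constraints or this file. -->
<Realm className="org.apache.catalina.realm.MemoryRealm"/>

<!-- Check before moving on: log in as realmtest and confirm that
     SecurityConfig.jsp reports container authentication as working. -->

<!-- Step 3: conf/server.xml
     Replace the memory realm with the JAAS realm (attributes as posted).
     appName selects the entry of the same name in the JAAS login
     configuration file, so that entry must exist and name the LoginModule. -->
<Realm className="org.apache.catalina.realm.JAASRealm"
       appName="JSPWiki-custom"
       userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile"
       roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role"
       debug="99"/>

<!-- Step 4: conf/server.xml, inside <Host>
     Add the SSO valve only after step 3 authenticates on its own. -->
<Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
```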

