incubator-jspwiki-user mailing list archives

From "Ramya KGrama" <ramyakgr...@gmail.com>
Subject JAAS with JSPWiki
Date Tue, 24 Jun 2008 18:06:04 GMT
Hello,
I have been trying to implement JAAS login with JSPWiki on Tomcat. We are
using JSPWiki 2.6.2 with Tomcat 5.5.
We have an existing web application (mainApp) that does not use JAAS.
However, we would like to use JSPWiki as a portal with a single-sign-on
feature, meaning when the user logs into our mainApp the user clicks on a
link to the JSPWiki application. At this point, we would like to
automatically authenticate the user with appropriate roles and permissions
and log him into JSPWiki.

To achieve this, I have done the following, but it doesn't seem to work:

1. Tomcat server.xml:
 a. I've added a <Context> tag for JSPWiki application and <Context> tag for
mainApp with crossContext=true in both.
 b. Added a <Realm> entry as such:
        <Realm className="org.apache.catalina.realm.JAASRealm"
               appName="JSPWiki-custom"
               userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile"
               roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role"
               debug="99"/>
 c. Enabled SingleSignOn by adding the <Valve> tag within the <Host> tag as
such:
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

2. Placed my login module (JAASLoginModule's) jar file JAASLoginLM.jar in
%TOMCAT_HOME%/common/lib folder.
   In the JAASLoginModule itself I am using HttpRequestCallback just like
the SiteMinderLoginModule example:
http://www.jspwiki.org/wiki/Security2.3WishList

3. I added the entries for the login module in jspwiki.policy towards the
end as such:

// grant LoginModule permissions
grant codebase "file:${catalina.home}/common/lib/JaasLoginLM.jar" {
    permission javax.security.auth.AuthPermission "modifyPrincipals";
};
grant codebase "file:${catalina.home}/common/lib/JaasLoginAzn.jar" {
    permission javax.security.auth.AuthPermission "createLoginContext.jaaslogin";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
};

4. In jspwiki.properties file I enabled JAAS as such:
jspwiki.security = jaas

5. On Tomcat startup I specify the policy file and jaas file settings as
such:
-Djava.security.auth.login.config==C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.jaas
-Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.policy

6. Disabled container managed authentication in
<TOMCAT_HOME>/webapps/web.xml by commenting the <security-constraint>
section and
in jspwiki.properties set jspwiki.userdatabase.isSharedWithContainer = false

Now, I restart the server and launch the mainApp and login. After logging
in, I click on the link to JSPWiki (http://<hostname:port>/JSPWiki/Wiki.jsp),
which takes me to the main page as an "Anonymous" user.

I don't see JAAS being used. The logs do not show any debug messages from my
JAASLoginModule. Instead it says -
"Checking JAAS configuration...JAAS already configured by some other
application (leaving it alone...)"

My security configuration verifier (SecurityConfig.jsp) says that it found
jspwiki.jaas. It doesn't show any errors - except that it says
"We found some errors with your configuration: Policy file does not have a
keystore... at least not one that we can locate."
Do I need jspwiki.jks file and an entry in policy file - keystore
jspwiki.jks? - Currently I DO NOT have the keystore file.

Do I need to programmatically create the LoginContext and call the login()
method in the JSP?
My understanding was that all that would happen automatically in the
background.
I am sure I'm missing something.


Your help is greatly appreciated!
Thanks.
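
A way to check which JAAS configuration the JVM actually loaded, and whether the application names that appear in the message (JSPWiki-custom from the <Realm> appName, jaaslogin from the createLoginContext grant) are defined in it. This is an added example, not part of the original message and not JSPWiki or Tomcat code; the class name JaasConfigCheck is hypothetical, and it assumes it is started with the same -D options as Tomcat and that the property holds a file path rather than a URL.

```java
import java.io.File;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added diagnostic (hypothetical class name); uses only the standard JAAS API.
public class JaasConfigCheck {

    /** Lists the login modules registered under appName, or reports that the name is missing. */
    static String describe(Configuration cfg, String appName) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(appName);
        if (entries == null || entries.length == 0) {
            // LoginContext falls back to the entry named "other" when appName is not defined.
            boolean hasOther = cfg.getAppConfigurationEntry("other") != null;
            return appName + ": NOT FOUND"
                    + (hasOther ? " (LoginContext would fall back to \"other\")" : "") + "\n";
        }
        StringBuilder sb = new StringBuilder(appName).append(":\n");
        for (AppConfigurationEntry e : entries) {
            sb.append("  ").append(e.getLoginModuleName())
              .append(" [").append(e.getControlFlag()).append("] ")
              .append(e.getOptions()).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String prop = System.getProperty("java.security.auth.login.config");
        System.out.println("java.security.auth.login.config = " + prop);
        if (prop != null) {
            // With the "==" form on the command line the value starts with '=',
            // meaning "use only this file and ignore java.security defaults".
            String path = prop.startsWith("=") ? prop.substring(1) : prop;
            System.out.println("  readable as a file: " + new File(path).canRead());
        }
        Configuration cfg;
        try {
            cfg = Configuration.getConfiguration(); // throws if no config can be loaded
        } catch (SecurityException ex) {
            System.out.println("No usable JAAS configuration: " + ex.getMessage());
            return;
        }
        System.out.println("Configuration class: " + cfg.getClass().getName());
        // Names taken from the message; pass others as arguments to override.
        String[] names = args.length > 0 ? args : new String[] {"JSPWiki-custom", "jaaslogin"};
        for (String name : names) {
            System.out.print(describe(cfg, name));
        }
    }
}
```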
