struts-user mailing list archives

From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Last question on JAAS I promise
Date Wed, 10 Aug 2005 10:27:42 GMT
My bet is that Mark will get 95% of the way there but not be 
able to bend container-managed security that last little bit to achieve 
what he needs.

I don't want to be deliberately down on this and I'd love to be wrong 
about it, but I've been there and done that in Tomcat 5 and JBoss and 
came up short.

In fact, Craig posted a link to a Sun colleague of his who is looking at 
the next Servlet spec and [quote]:

# Improved Security - This has been an area where we have wanted to 
refine for some time. This may include APIs for programmatic login.

Mark, I thought you might want to leave comments when you're done with 
what you're doing, since it will be fresh in your mind (I added comments 
just yesterday but the programming was something I did over a year ago)

http://weblogs.java.net/blog/gmurray71/archive/2005/07/got_servlets.html


Adam

erikweber@mindspring.com on 09/08/05 22:04, wrote:
> Thanks Craig.
> 
> Well Mark, I'd be interested in hearing how it turns out. Good luck.
> 
> Erik
> 
> 
> -----Original Message-----
> From: Craig McClanahan <craigmcc@gmail.com>
> Sent: Aug 9, 2005 4:42 PM
> To: Struts Users Mailing List <user@struts.apache.org>, erikweber@mindspring.com
> Subject: Re: Last question on JAAS I promise
> 
> On 8/9/05, erikweber@mindspring.com <erikweber@mindspring.com> wrote:
> 
>>I found my login-config.xml. Suddenly I fear that I had this working in JBoss but
>>not stand-alone Tomcat, but yet I *know* I was calling isUserInRole. At the same time, I remember
>>the propagation problem between Tomcat and JBoss, and this config is definitely for JBoss.
>>But isUserInRole would definitely be a Tomcat thing . . .  Damn!
>>
>><application-policy name="mysqldb">
>>  <authentication>
>>    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
>>      <module-option name="unauthenticatedIdentity">anybody</module-option>
>>      <module-option name="dsJndiName">java:/MySQLDB</module-option>
>>      <module-option name="principalsQuery">SELECT password FROM auth_user WHERE username = ?</module-option>
>>      <module-option name="rolesQuery">SELECT group_name, 'Roles' FROM auth_group, auth_user_group, auth_user WHERE auth_group.group_id = auth_user_group.group_id AND auth_user_group.user_id = auth_user.user_id AND auth_user.username = ?</module-option>
>>    </login-module>
>>  </authentication>
>></application-policy>
>>
>>Erik
>>
> 
> 
> Tomcat has reasonably good documentation about how to configure
> container managed security.  For Tomcat 5.0, it's at:
> 
>     http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
> 
> Because it looks like you have your users in a database, you'll want
> to focus on setting up a JDBCRealm configuration.  If you need further
> help on it, asking on the Tomcat User list is a good bet (to
> subscribe, send an empty message to
> <tomcat-user-subscribe@jakarta.apache.org>).
> 
> Craig
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org

