tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arto Pastinen <arto.pasti...@ofw.fi>
Subject about authentication
Date Mon, 27 Dec 2004 08:48:18 GMT
Hi!

Can someone explain how tomcat handles authentication.

My problem is, that i must access secure EJB's from my web application,
and everything work fine, if i use tomcat's basic or form
authentication, but the problem is that i cannot show login page (basic
or form), and i will use static principal & credential.
(username/password).

I have make security filter, which login to loginmodule
(org.jboss.security.ClientLoginModule) in filter, and login seems to
success.

i put subject to session, and i use it in my code:

 Subject s = (Subject)
getHttpServletRequest().getSession().getAttribute("subject");
System.out.println("Delegate.test() subject: " + s);
s.doAs(null, new PrivilegedAction() {
  public Object run() {        
    try { 
DocumentControllerHomeLocal home =
((DocumentControllerHomeLocal)getRunData().getBean("documentControllerHomeLocal"));

DocumentControllerLocal local = home.create();
getEjbLocalObject(local);

	setEjbLocalObject(((DocumentControllerHomeLocal)
getBean("testLocalHome")).create());
        }
        catch(Throwable t) {
      t.printStackTrace();
      }
  return null;			        
}
});

That system.out show's me that correct principal / credential is
associated with subject, so login in success when i get home object. (by
springframework JndiAccess) but it just wont work!
authentication data is not marshalled with (home.create()) RMI call, no
matter what i try.

I have tried to search what tomcat do in different way in basic
authentication, but i am very busy, and i have no time to read all
authentication code.. so i will be very happy every help.

btw. i use jboss..

Thnx already, Artsi




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message