tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Request for JAASRealm enhancement
Date Fri, 24 Aug 2012 12:42:42 GMT
2012/8/24 Enrico Olivelli <eolivelli@gmail.com>:
> Hi,
> I was trying to use JAASRealm and I noticed that it is possible to bundle
> my LoginModule with the webapp (useContextClassLoader) but it is not
> possible to bundle a login.properties file
>
> // this constructor uses default JVM JAAS Configuration
> // from JAASRealm.java
> loginContext = new LoginContext(appName, callbackHandler);
>
> // the constructor I would like to be used
> URI = URI that gets a .properties file thru the classloader of my app
> ConfigFile file = new ConfigFile(URI);
> loginContext = new LoginContext(appName, callbackHandler,...,ConfigFile);
>
> Can you add a configuration property for that realm in order to configure a
> JAAS ConfigFile?
> In this way I can bundle my login.properties file inside the app or in some
> JAR to be distributed
>

OK. I do not have plans to implement this by myself, but I like the idea.

You can file an enhancement request in Bugzilla. If you prepare a
patch, you can attach it there.

Several notes:
1). The order of parameters in LoginContext constructor that you are
proposing to use is different from what you wrote above and is

new LoginContext(appName, subject, callbackHandler, configuration);

With subject=null and configuration=null it falls back to current behaviour of
new LoginContext(appName, callbackHandler);


2). ConfigFile belongs to "com.sun.security.auth.login" package which
is not part of the public API. As such, it cannot be used in Tomcat as
a compile-time dependency.

It can be created only via reflection.

3). ConfigFile is just one possible implementation of Configuration.
Someone may use others.

4). You should not create a new instance of configuration on each call
to authenticate(), because I expect that to be slow. It should be
created only once.

5). It would be nice if you could provide a sample web application that
demonstrates the feature. It would be even better to provide a
testcase, but I think a testcase might be harder to implement.

6). It would be nice if a patch included an update for the documentation. The
documentation for JAASRealm is in webapps/docs/config/realm.xml and
webapps/docs/realm-howto.xml

As a quick fix / proof of concept the following is possible:
1. I think you can subclass JAASRealm and replace its authenticate()
method by your own.
2. Creation of LoginContext instance could be extracted into a factory
method in Tomcat's JAASRealm.
That way you (in a subclass) could use whatever you want to configure
a new LoginContext instance.

Best regards,
Konstantin Kolinko
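
Added example, not part of the original message and not Tomcat code: a stand-alone helper that a JAASRealm subclass or factory method could call, following notes 1 and 4 above (four-argument LoginContext constructor, Configuration created once). Instead of instantiating ConfigFile by reflection it uses the public `Configuration.getInstance("JavaLoginConfig", ...)` API; the class name `BundledJaasConfig`, the resource name, and the assumption that the thread's context class loader is the webapp's are hypothetical.

```java
import java.net.URISyntaxException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.URIParameter;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper: builds LoginContexts from a JAAS config bundled with the webapp. */
public class BundledJaasConfig {
    private final String resourceName;      // constructed example: "jaas.config"
    private volatile Configuration cached;  // note 4: parse once, reuse on every login

    public BundledJaasConfig(String resourceName) {
        this.resourceName = resourceName;
    }

    private Configuration configuration() throws LoginException {
        Configuration c = cached;
        if (c == null) {
            synchronized (this) {
                if (cached == null) {
                    cached = load();
                }
                c = cached;
            }
        }
        return c;
    }

    private Configuration load() throws LoginException {
        // Assumption: the context class loader is the webapp's (useContextClassLoader).
        URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
        if (url == null) {
            // Fail closed: a missing file must not silently select the JVM-wide config.
            throw new LoginException("JAAS config not found: " + resourceName);
        }
        try {
            return Configuration.getInstance("JavaLoginConfig", new URIParameter(url.toURI()));
        } catch (URISyntaxException | NoSuchAlgorithmException e) {
            throw (LoginException) new LoginException("Cannot load " + url).initCause(e);
        }
    }

    /** Note 1: argument order is (name, subject, callbackHandler, configuration). */
    public LoginContext newLoginContext(String appName, CallbackHandler handler) throws LoginException {
        return new LoginContext(appName, null, handler, configuration());
    }
}
```

Throwing when the resource is absent matters here: passing a null Configuration to the four-argument constructor would fall back to the default JVM configuration, so a packaging mistake could otherwise authenticate against login modules the application never intended to use.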
