tomcat-users mailing list archives

From Loyd Bacani <lgbac...@yahoo.com>
Subject RE: Problem implementing JAAS in Tomcat 4.1.2
Date Thu, 19 Jun 2003 14:33:36 GMT
I wish I was a bit more thorough in the first run, sorry about that. My question is more of
"How do I implement JAAS in Tomcat?" I know this is a broad question so let's break it down.

 
1. How do I configure Tomcat so that it uses JAAS?
2. What configuration files (Java Security & Tomcat) do I need to accomplish question #1?
3. Programmatically, I believe I have to extend org.apache.catalina.realm.JAASMemoryLoginModule
but how does Tomcat validate users using JAASRealm?
 
For #1 the following:
// server.xml
      <Realm  className="org.apache.catalina.realm.JAASRealm" debug="99"
                appName="JAASPolicy"
         userClassNames="java.security.Principal"
         roleClassNames="java.security.Principal"/>
 
For #2 the following:
// jaas.config
JAASPolicy
{
  cdmanager.security.tomcat.JAASLoginModule required debug=true;
};
 
// jaas.policy
grant codeBase "file:${catalina.home}/webapps/cdmanager/WEB-INF/classes/-" {
   permission java.util.PropertyPermission "java.security.auth.login.config", "read";
   permission java.util.PropertyPermission "java.security.auth.policy", "read";
   
   permission javax.security.auth.AuthPermission "createLoginContext";
   permission javax.security.auth.AuthPermission "doAsPrivileged";
   
};
 
For #3 the following:
// JAASLoginModule
public class JAASLoginModule extends org.apache.catalina.realm.JAASMemoryLoginModule {
    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
 
    <snip>
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
    <snip>

// ContainerAuthentication.java
<snip>
            cdmanager.security.tomcat.JAASLoginCallbackHandler handler = new cdmanager.security.tomcat.JAASLoginCallbackHandler(request);
            loginContext = new LoginContext("JAASPolicy", new cdmanager.security.tomcat.JAASLoginCallbackHandler(request));
            loginContext = new LoginContext("JAASPolicy", handler );
 
            loginContext.login();  // EXCEPTION HERE
<snip>

 
"Shapira, Yoav" <Yoav.Shapira@mpi.com> wrote:

Howdy,
Oh boy... See intermixed.

>I've used this code in Weblogic 6.X without any problem. If
>this could be done in Weblogic, then there is NO reason why we can't do it

Of course there is. Tomcat's configuration is different than Weblogic's
configuration. Weblogic provides a superset of the servlet
specification, not to mention a complete J2EE container. Unless "this
code", "this", and "it" in the above sentence relate directly to the
servlet specification, v2.3, the above is false.


>Can anyone tell me what am I doing wrong? Or perhaps point me in the right
>direction.

Read the JAASRealm JavaDoc for starters:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/index.html

Actually look at the example JAASRealm to see what attributes it takes.
Don't just assume it takes the same attribute names as the weblogic
equivalent.

> debug="99"
> loginContext="JAASPolicy"
> callbackHandler="cdmanager.security.tomcat.JAASLoginCallbackHandler"/>

This is meaningless as these are not the attributes expected by
JAASRealm.

>// ContainerAuthentication.java


This is irrelevant as the JAASRealm is not configured correctly.

Yoav Shapira


