tomcat-users mailing list archives

From Matt Harrison <matt.harri...@tmd.tv>
Subject RE: how to access Subject after authentification
Date Tue, 20 Jul 2004 13:59:10 GMT
Hi

I had a similar question a while back and never really got it fully
resolved, but I found that Tomcat doesn't save the subject as a session
attribute.

However in your case you don't need to access the subject. In the web.xml
file for your app, you can define what roles have access to each resource
(jsp, servlet) and have your JAAS login module assign these roles to the
subject - i.e. container managed security. 

e.g. add to web.xml (gives access to logins with role "user" to all of your
application):

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myApplication</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>user</role-name>
    </security-role>

See the Tomcat docs for more info.

Matt

> -----Original Message-----
> From: LERBSCHER Jean-Pierre 
> [mailto:jean-pierre.lerbscher@cofiroute.fr]
> Sent: 20 July 2004 14:42
> To: 'tomcat-user@jakarta.apache.org'
> Subject: how to access Subject after authentification 
> 
> 
> Hi,
> 
> I am using a JAAS authentication module to authenticate users
> within Tomcat 5.0.27.
> 
> After the authentication, I want to control access to resources
> (like EJBs deployed in a WebLogic application server).
> 
> To control access, I have to use the WebLogic API with the Subject
> instance delivered by authentication to Tomcat.
> 
> The problem is: how can I get the Subject object? I tried
> session.getAttribute( "javax.security.auth.subject" ); but it seems
> that I can't access this information!
> 
> Any ideas?
> 
> Thanks,
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

