tomcat-users mailing list archives

From Matt Harrison <matt.harri...@tmd.tv>
Subject RE: RE : how to access Subject after authentification
Date Tue, 20 Jul 2004 15:10:29 GMT
Sorry for mis-reading your email

If anybody out there knows how to retrieve the Subject, Jean-Pierre and I
would most appreciate it!

But, if, as I suspect, this is not part of the current servlet spec, and
thus not part of Tomcat, can I make a request for this to be included next
time round?

I work around this by concatenating all the information I require from the
subject into the Principal's name in my JAAS login module, as a
java.security.Principal object is available from the request object in
Tomcat. But I guess this isn't an option for this problem.

Matt

> -----Original Message-----
> From: LERBSCHER Jean-Pierre 
> [mailto:jean-pierre.lerbscher@cofiroute.fr]
> Sent: 20 July 2004 15:40
> To: 'Tomcat Users List'
> Subject: RE : how to access Subject after authentification 
> 
> 
> Thanks Matt!
> My problem is that I have to call EJB deployed in Weblogic application server
> from servlet components. I use the weblogic api to propagate the security
> information from tomcat to WLS. This api uses the subject! Thus it is
> necessary that I can reach it.
> 
> -----Original Message-----
> From: Matt Harrison [mailto:matt.harrison@tmd.tv] 
> Sent: Tuesday 20 July 2004 15:59
> To: 'Tomcat Users List'
> Subject: RE: how to access Subject after authentification 
> 
> Hi
> 
> I had a similar question a while back and never really got it fully
> resolved, but I found that Tomcat doesn't save the subject as a session
> attribute.
> 
> However in your case you don't need to access the subject. In the web.xml
> file for your app, you can define what roles have access to each resource
> (jsp, servlet) and have your JAAS login module assign these roles to the
> subject - i.e. container managed security. 
> 
> e.g. add to web.xml (gives access to logins with role "user" to all of your
> application):
> 
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>myApplication</web-resource-name>
>             <url-pattern>/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>user</role-name>
>         </auth-constraint>
>     </security-constraint>
>     <security-role>
>         <role-name>user</role-name>
>     </security-role>
> 
> see the tomcat docs for more info
> 
> Matt
> 
> > -----Original Message-----
> > From: LERBSCHER Jean-Pierre 
> > [mailto:jean-pierre.lerbscher@cofiroute.fr]
> > Sent: 20 July 2004 14:42
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: how to access Subject after authentification 
> > 
> > 
> > Hi,
> > 
> > I am using a JAAS authentication module to authenticate users within tomcat
> > 5.0.27.
> > 
> > After the authentication, I want to control access to resources (like ejb
> > deployed in weblogic application server).
> > 
> > To control access, I have to use the weblogic api with the Subject instance
> > delivered by authentication to tomcat.
> > 
> > The problem is: how can I get the subject object? I tried
> > session.getAttribute( "javax.security.auth.subject" ); but it seems that I
> > can't access this information!
> > 
> > Any ideas?
> > 
> > Thanks,
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
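
The workaround Matt describes at the top of this message (packing the data needed from the Subject into the Principal's name, then reading it back from the request) is sketched below as an added example; it is not code from this thread or from Tomcat. The class name `PackedPrincipal`, the `;` and `=` delimiters and the `dept` attribute are assumptions, and the fields are percent-encoded so that a login name containing a delimiter cannot inject or override a field.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper class (an assumption of this example), not a Tomcat or JAAS type.
public final class PackedPrincipal implements Principal {
    private final String name;

    // Intended for the JAAS login module: pack the user and its attributes into one name.
    public PackedPrincipal(String user, Map<String, String> attrs) {
        StringBuilder sb = new StringBuilder(enc(user));
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            sb.append(';').append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        this.name = sb.toString();
    }

    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof PackedPrincipal && name.equals(((PackedPrincipal) o).name);
    }
    @Override public int hashCode() { return name.hashCode(); }

    // Percent-encoding removes ';' and '=' from every field, so a login such as
    // "bob;dept=admin" stays a single user field instead of adding an attribute.
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    private static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }

    // Intended for the servlet: unpack(request.getUserPrincipal().getName()).
    public static Map<String, String> unpack(String packed) {
        Map<String, String> out = new LinkedHashMap<>();
        String[] parts = packed.split(";", -1);
        out.put("user", dec(parts[0]));
        for (int i = 1; i < parts.length; i++) {
            String[] kv = parts[i].split("=", 2);
            // Fail closed on malformed or duplicate fields rather than guessing.
            if (kv.length != 2 || out.putIfAbsent(dec(kv[0]), dec(kv[1])) != null) {
                throw new IllegalArgumentException("malformed or duplicate field: " + parts[i]);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("dept", "tolls"); // constructed sample attribute
        Principal p = new PackedPrincipal("bob;dept=admin", attrs); // constructed hostile login name
        System.out.println(p.getName());
        System.out.println(unpack(p.getName()));
    }
}
```

Everything packed this way is also what `request.getRemoteUser()` returns and what the access log records as the remote user, so credentials or tokens should not be placed in the name.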
