tomcat-users mailing list archives

From Matt Harrison <matt.harri...@tmd.tv>
Subject RE: RE : RE : RE : RE : RE : how to access Subject after authentification
Date Wed, 21 Jul 2004 16:14:57 GMT

Instead of using something like

JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config

to locate your JAAS config file, you could edit the java.security file of
the JRE used by Tomcat instead. You are likely to find this file somewhere
like:

%java_home%\jre\lib\security\java.security

Add the following line to this file:

login.config.url.1=file:///%CATALINA_HOME%\conf\Sample_jaas.config
(you might have to type the full path, rather than use %catalina_home%, I
don't know)

or make it .2 if there is a .1 entry, etc.

Matt

> -----Original Message-----
> From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
> Sent: 21 July 2004 16:58
> To: Tomcat Users List
> Subject: Re: RE : RE : RE : RE : RE : how to access Subject after authentification
> 
> LERBSCHER Jean-Pierre wrote:
> 
> >In fact my java options are :
> >
> >JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config
> >
> >-----Original Message-----
> >From: LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
> >Sent: Wednesday 21 July 2004 12:13
> >To: 'Tomcat Users List'
> >Cc: 'Jeanfrancois Arcand'
> >Subject: RE : RE : RE : RE : how to access Subject after authentification
> >
> >The command line is ok !
> >
> >But I have an exception :
> >Caused by: java.io.IOException: Impossible de trouver une configuration de connexion
> >
> Hehe :-) Not bad as an error message ;-)
> 
> >        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> >        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> >        ... 33 more
> >I set
> >JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config
> >
> I never used JAAS this way so I cannot help you. Are you trying to load
> the file from your webapp? Have you tried to put the file inside the war?
> 
> -- Jeanfrancois
> 
> >The class that instantiates the login context is located in common/classes
> >
> >The standard Catalina.policy contains this permission
> >
> >grant codeBase "file:${catalina.home}/common/-" {
> >        permission java.security.AllPermission;
> >};
> >
> >Any ideas ?
> >
> >Thanks in advance!
> >
> >-----Original Message-----
> >From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
> >Sent: Tuesday 20 July 2004 19:52
> >To: Tomcat Users List
> >Subject: Re: RE : RE : RE : how to access Subject after authentification
> >
> >LERBSCHER Jean-Pierre wrote:
> >
> >>Could you tell me what is the correct configuration to access the jaas login
> >>file with this security manager.
> >>
> >You need to start Tomcat using the -security
> >
> >./catalina.sh start -security
> >
> >-- Jeanfrancois
> >
> >>Thanks
> >>
> >>-----Original Message-----
> >>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
> >>Sent: Tuesday 20 July 2004 18:42
> >>To: Tomcat Users List
> >>Subject: Re: RE : RE : how to access Subject after authentification
> >>
> >>Are you both running with the security manager on? I think that's the
> >>problem...
> >>
> >>-- Jeanfrancois
> >>
> >>LERBSCHER Jean-Pierre wrote:
> >>
> >>>Matt I am ok with you! I try the two methods and I have the same results
> >>>(null) !
> >>>Perhaps we have to configure properly tomcat (?) so that it can record the
> >>>subject in the session. Perhaps an authenticator ?
> >>>Jean François ! any ideas ?
> >>>
> >>>The second method is
> >>>Subject.getSubject(java.security.AccessController.getContext());
> >>>
> >>>-----Original Message-----
> >>>From: Matt Harrison [mailto:matt.harrison@tmd.tv]
> >>>Sent: Tuesday 20 July 2004 17:42
> >>>To: 'Tomcat Users List'
> >>>Subject: RE: RE : how to access Subject after authentification
> >>>
> >>>I have tried both of these and they both return null!
> >>>
> >>>>-----Original Message-----
> >>>>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
> >>>>Sent: 20 July 2004 16:30
> >>>>To: Tomcat Users List
> >>>>Subject: Re: RE : how to access Subject after authentification
> >>>>
> >>>>
> >>>>Two ways:
> >>>>
> >>>>httpSession.getAttribute("javax.security.auth.subject")
> >>>>
> >>>>or
> >>>>
> >>>>Subject.getSubject(AccessController.getContext())
> >>>>
> >>>>-- Jeanfrancois
> >>>>
> >>>>Matt Harrison wrote:
> >>>>
> >>>>>Sorry for mis-reading your email
> >>>>>
> >>>>>If anybody out there knows how to retrieve the Subject, Jean-Pierre and I
> >>>>>would most appreciate it!
> >>>>>
> >>>>>But, if, as I suspect, this is not part of the current servlet spec, and
> >>>>>thus not part of Tomcat, can I make a request for this to be included next
> >>>>>time round?
> >>>>>
> >>>>>I work around this by concatenating all the information I require from the
> >>>>>subject into the Principal's name in my JAAS login module, as a
> >>>>>java.security.Principal object is available from the request object in
> >>>>>Tomcat. But I guess this isn't an option for this problem.
> >>>>>
> >>>>>Matt
> >>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
> >>>>>>Sent: 20 July 2004 15:40
> >>>>>>To: 'Tomcat Users List'
> >>>>>>Subject: RE : how to access Subject after authentification
> >>>>>>
> >>>>>>Thanks Matt !
> >>>>>>My problem is that I have to call EJB deployed in Weblogic application server
> >>>>>>from servlet components. I use the weblogic api to propagate the security
> >>>>>>information from tomcat to WLS. This api uses the subject! Thus it is
> >>>>>>necessary that I can reach it.
> >>>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: Matt Harrison [mailto:matt.harrison@tmd.tv]
> >>>>>>Sent: Tuesday 20 July 2004 15:59
> >>>>>>To: 'Tomcat Users List'
> >>>>>>Subject: RE: how to access Subject after authentification
> >>>>>>
> >>>>>>Hi
> >>>>>>
> >>>>>>I had a similar question a while back and never really got it fully
> >>>>>>resolved, but I found that Tomcat doesn't save the subject as a session
> >>>>>>attribute.
> >>>>>>
> >>>>>>However in your case you don't need to access the subject. In the web.xml
> >>>>>>file for your app, you can define what roles have access to each resource
> >>>>>>(jsp, servlet) and have your JAAS login module assign these roles to the
> >>>>>>subject - i.e. container managed security.
> >>>>>>
> >>>>>>e.g. add to web.xml (gives access to logins with role "user" to all of your
> >>>>>>application):
> >>>>>>
> >>>>>>    <security-constraint>
> >>>>>>        <web-resource-collection>
> >>>>>>            <web-resource-name>myApplication</web-resource-name>
> >>>>>>            <url-pattern>/*</url-pattern>
> >>>>>>        </web-resource-collection>
> >>>>>>        <auth-constraint>
> >>>>>>            <role-name>user</role-name>
> >>>>>>        </auth-constraint>
> >>>>>>    </security-constraint>
> >>>>>>    <security-role>
> >>>>>>        <role-name>user</role-name>
> >>>>>>    </security-role>
> >>>>>>
> >>>>>>see the tomcat docs for more info
> >>>>>>
> >>>>>>Matt
> >>>>>>
> >>>>>>>-----Original Message-----
> >>>>>>>From: LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
> >>>>>>>Sent: 20 July 2004 14:42
> >>>>>>>To: 'tomcat-user@jakarta.apache.org'
> >>>>>>>Subject: how to access Subject after authentification
> >>>>>>>
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>I am using JAAS authentification module to authenticate user within tomcat
> >>>>>>>5.0.27.
> >>>>>>>
> >>>>>>>After the authentification, I want to control access to resources (like ejb
> >>>>>>>deployed in weblogic application server).
> >>>>>>>
> >>>>>>>To control access, I have to use weblogic api with the Subject instance
> >>>>>>>delivered by authentification to tomcat.
> >>>>>>>
> >>>>>>>The problem is : how can I get the subject object.. I try
> >>>>>>>session.getAttribute( "javax.security.auth.subject" ); but it seems that I
> >>>>>>>can't access to this information !
> >>>>>>>
> >>>>>>>Any ideas?
> >>>>>>>
> >>>>>>>Thanks,
> >>>>>>>
> >>>>>>---------------------------------------------------------------------
> >>>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
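
A small diagnostic for the two ways of pointing the JVM at a JAAS configuration discussed in this thread (the `java.security.auth.login.config` system property and `login.config.url.N` entries in `java.security`). It is an added example, not code from any poster in the thread; the class name `JaasConfigCheck` and the default entry name `Sample` are assumptions.

```java
import java.io.File;
import java.net.URI;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.login.Configuration;

/** Added example: reports where this JVM was told to find its JAAS login configuration. */
public class JaasConfigCheck {
    /** Locations named by the system property and by login.config.url.N in java.security. */
    static List<String> candidates() {
        List<String> found = new ArrayList<>();
        String prop = System.getProperty("java.security.auth.login.config");
        if (prop != null) found.add("-Djava.security.auth.login.config -> " + prop);
        String url;   // entries are numbered from 1; stop at the first missing number
        for (int n = 1; (url = Security.getProperty("login.config.url." + n)) != null; n++)
            found.add("login.config.url." + n + " -> " + url);
        return found;
    }

    /** Best-effort check that a location names a readable file. */
    static String status(String location) {
        if (location.startsWith("=")) location = location.substring(1);   // "==" override form
        if (location.matches(".*%\\w+%.*")) return "contains a %VAR% placeholder, which Java does not expand";
        if (location.contains("${")) return "uses ${property} expansion; check that property is set";
        try {
            File f = location.startsWith("file:")
                    ? new File(new URI(location.replace('\\', '/'))) : new File(location);
            return f.canRead() ? "readable" : "NOT readable: " + f;
        } catch (Exception e) {
            return "not a usable file URL: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // A doubled "-DJAVA_OPTS=-D..." only defines a property named JAVA_OPTS.
        if (System.getProperty("JAVA_OPTS") != null)
            System.out.println("WARNING: property JAVA_OPTS is set; look for a doubled -D prefix");
        for (String c : candidates())
            System.out.println(c + " : " + status(c.substring(c.indexOf("-> ") + 3)));
        String entry = args.length > 0 ? args[0] : "Sample";   // entry name is an assumption
        try {
            boolean present = Configuration.getConfiguration().getAppConfigurationEntry(entry) != null;
            System.out.println("entry '" + entry + "' " + (present ? "found" : "missing"));
        } catch (SecurityException e) {   // raised when no login configuration can be located
            System.out.println("no login configuration loaded: " + e.getMessage());
        }
    }
}
```

Run it with the same JRE and the same `JAVA_OPTS` that Tomcat uses, passing the entry name from your own JAAS config file as the first argument.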

