tomcat-users mailing list archives

From LERBSCHER Jean-Pierre <jean-pierre.lerbsc...@cofiroute.fr>
Subject RE : RE : RE : RE : RE : how to access Subject after authentification
Date Wed, 21 Jul 2004 11:06:04 GMT
In fact my java options are :

JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config

-----Original Message-----
From: LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
Sent: Wednesday, 21 July 2004 12:13
To: 'Tomcat Users List'
Cc: 'Jeanfrancois Arcand'
Subject: RE : RE : RE : RE : how to access Subject after authentification

The command line is ok !

But I have an exception :
Caused by: java.io.IOException: Impossible de trouver une configuration de connexion
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
        ... 33 more
I set 
JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas.config

The class that instantiates the login context is located in common/classes

The standard Catalina.policy contains this permission

grant codeBase "file:${catalina.home}/common/-" {
        permission java.security.AllPermission;
};

Any ideas ?

Thanks in advance!

-----Original Message-----
From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
Sent: Tuesday, 20 July 2004 19:52
To: Tomcat Users List
Subject: Re: RE : RE : RE : how to access Subject after authentification



LERBSCHER Jean-Pierre wrote:

>Could you tell me what is the correct configuration to access the jaas login
>file with this security manager.
>
You need to start Tomcat using the -security

./catalina.sh start -security

-- Jeanfrancois


>Thanks
>
>-----Original Message-----
>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
>Sent: Tuesday, 20 July 2004 18:42
>To: Tomcat Users List
>Subject: Re: RE : RE : how to access Subject after authentification
>
>Are you both running with the security manager on? I think that's the 
>problem...
>
>-- Jeanfrancois
>
>LERBSCHER Jean-Pierre wrote:
>
>>Matt I am ok with you! I try the two methods and I have the same results
>>(null) !
>>Perhaps we have to configure properly tomcat (?) so that it can record the
>>subject in the session. Perhaps an authenticator ?
>>Jean François ! any ideas ?
>>
>>The second method is
>>Subject.getSubject(java.security.AccessController.getContext());
>>
>>-----Original Message-----
>>From: Matt Harrison [mailto:matt.harrison@tmd.tv]
>>Sent: Tuesday, 20 July 2004 17:42
>>To: 'Tomcat Users List'
>>Subject: RE: RE : how to access Subject after authentification
>>
>>I have tried both of these and they both return null!
>>
>>>-----Original Message-----
>>>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
>>>Sent: 20 July 2004 16:30
>>>To: Tomcat Users List
>>>Subject: Re: RE : how to access Subject after authentification
>>>
>>>
>>>Two ways:
>>>
>>>httpSession.getAttribute("javax.security.auth.subject")
>>>
>>>or
>>>
>>>Subject.getSubject(AccessController.getContext())
>>>
>>>-- Jeanfrancois
>>>
>>>Matt Harrison wrote:
>>>
>>>>Sorry for mis-reading your email
>>>>
>>>>If anybody out there knows how to retrieve the Subject, Jean-Pierre and I
>>>>would most appreciate it!
>>>>
>>>>But, if, as I suspect, this is not part of the current servlet spec, and
>>>>thus not part of Tomcat, can I make a request for this to be included next
>>>>time round?
>>>>
>>>>I work around this by concatenating all the information I require from the
>>>>subject into the Principal's name in my JAAS login module, as a
>>>>java.security.Principal object is available from the request object in
>>>>Tomcat. But I guess this isn't an option for this problem.
>>>>
>>>>Matt
>>>>
>>>>>-----Original Message-----
>>>>>From: LERBSCHER Jean-Pierre 
>>>>>[mailto:jean-pierre.lerbscher@cofiroute.fr]
>>>>>Sent: 20 July 2004 15:40
>>>>>To: 'Tomcat Users List'
>>>>>Subject: RE : how to access Subject after authentification 
>>>>>
>>>>>
>>>>>Thanks Matt !
>>>>>My problem is that I have to call EJB deployed in Weblogic application server
>>>>>from servlet components. I use the weblogic api to propagate the security
>>>>>information from tomcat to WLS. This api uses the subject! Thus it is
>>>>>necessary that I can reach it.
>>>>>
>>>>>-----Original Message-----
>>>>>From: Matt Harrison [mailto:matt.harrison@tmd.tv]
>>>>>Sent: Tuesday, 20 July 2004 15:59
>>>>>To: 'Tomcat Users List'
>>>>>Subject: RE: how to access Subject after authentification
>>>>>
>>>>>Hi
>>>>>
>>>>>I had a similar question a while back and never really got it fully
>>>>>resolved, but I found that Tomcat doesn't save the subject as a session
>>>>>attribute.
>>>>>
>>>>>However in your case you don't need to access the subject. In the web.xml
>>>>>file for your app, you can define what roles have access to each resource
>>>>>(jsp, servlet) and have your JAAS login module assign these roles to the
>>>>>subject - i.e. container managed security.
>>>>>
>>>>>e.g. add to web.xml (gives access to logins with role "user" to all of your
>>>>>application):
>>>>>
>>>>>    <security-constraint>
>>>>>        <web-resource-collection>
>>>>>            <web-resource-name>myApplication</web-resource-name>
>>>>>            <url-pattern>/*</url-pattern>
>>>>>        </web-resource-collection>
>>>>>        <auth-constraint>
>>>>>            <role-name>user</role-name>
>>>>>        </auth-constraint>
>>>>>    </security-constraint>
>>>>>    <security-role>
>>>>>        <role-name>user</role-name>
>>>>>    </security-role>
>>>>>
>>>>>see the tomcat docs for more info
>>>>>
>>>>>Matt
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: LERBSCHER Jean-Pierre 
>>>>>>[mailto:jean-pierre.lerbscher@cofiroute.fr]
>>>>>>Sent: 20 July 2004 14:42
>>>>>>To: 'tomcat-user@jakarta.apache.org'
>>>>>>Subject: how to access Subject after authentification 
>>>>>>
>>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>I am using JAAS authentication module to authenticate user within tomcat
>>>>>>5.0.27.
>>>>>>
>>>>>>After the authentication, I want to control access to resources (like ejb
>>>>>>deployed in weblogic application server).
>>>>>>
>>>>>>To control access, I have to use weblogic api with the Subject instance
>>>>>>delivered by authentication to tomcat.
>>>>>>
>>>>>>The problem is : how can I get the subject object.. I try
>>>>>>session.getAttribute( "javax.security.auth.subject" ); but it seems that I
>>>>>>can't access to this information !
>>>>>>
>>>>>>Any ideas?
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
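
Added example (not part of the thread and not Tomcat's code): a standalone Java program showing when the Subject.getSubject(AccessController.getContext()) lookup quoted above returns a Subject and when it returns null. It assumes a JDK from 8 through 17, where Subject.doAs and Subject.getSubject are supported; the UserPrincipal class and the name "jdoe" are hypothetical.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectBindingDemo {

    // Hypothetical principal type, standing in for what a JAAS LoginModule adds in commit().
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // The lookup quoted in the thread: the Subject bound to the calling context, or null.
    static Subject lookup() {
        return Subject.getSubject(AccessController.getContext());
    }

    // Render a Subject as its principal names so the three cases are easy to compare.
    static String describe(Subject s) {
        if (s == null) return "null";
        StringBuilder names = new StringBuilder();
        for (Principal p : s.getPrincipals()) names.append(p.getName()).append(' ');
        return names.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample: after a real login this comes from LoginContext.getSubject().
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new UserPrincipal("jdoe"));
        authenticated.setReadOnly(); // downstream code can read but not add principals

        // Not inside doAs: no Subject is associated with the access control context.
        System.out.println("outside doAs: " + describe(lookup()));

        // Inside doAs: the same lookup sees the Subject passed to doAs.
        PrivilegedAction<Subject> action = SubjectBindingDemo::lookup;
        Subject seen = Subject.doAs(authenticated, action);
        System.out.println("inside doAs:  " + describe(seen));

        // After doAs returns, the association no longer applies to the caller.
        System.out.println("after doAs:   " + describe(lookup()));
    }
}
```

Code that is not invoked from inside Subject.doAs (or doAsPrivileged) behaves like the first and third lookups, whether or not a security manager is installed.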

