tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Männistö <jugimas...@gmail.com>
Subject Tomcat and JAASRealm
Date Mon, 23 May 2005 09:06:59 GMT
Hello :)


(this is my very first post to any mailing-list)


I've been trying to get Tomcat and its JAASRealm to work for maybe
four weeks now.

Even though the JAAS authentication succeeds, Tomcat does not pass me
through to the protected web-app, but says HTTP 403 instead!

I read somewhere that the JAASRealm implementations in Tomcat versions
under 5.0.30 were somehow broken, but right now I'm using the latest
version (5.5.9 + 1.4 compatibility pack), so that shouldn't be a
problem.

I've tried fiddling with how and what Principals are added to the
Subject and so on..  I've tried everyhing I've thought of and more..

Could someone please offer some suggestions on this? :)





Here's the JAASRealm configuration from server.xml:

______________________________________________
<Realm className="org.apache.catalina.realm.JAASRealm"                 
      	appName="OutlookProxy"       
    		userClassNames="org.apache.catalina.realm.GenericPrincipal"       
     		roleClassNames="org.apache.catalina.realm.GenericPrincipal" 
		debug="99"/>
______________________________________________




Here's a snippet of my web.xml:
______________________________________________

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OutlookProxy</web-resource-name>
      <url-pattern>/exchange/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>

    </web-resource-collection>

     <auth-constraint>
         <role-name>outlook-role</role-name>
     </auth-constraint>

  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Web-app</realm-name>
  </login-config>

______________________________________________


The JAAS configuration for "OutlookProxy" contains one LoginModule.

There's a user in tomcat-userx.xml that has been associated with the
aforementioned role ("outlook-role").

The LoginModule class is in a jar file, under tomcat/server/lib.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message