tomcat-users mailing list archives

From "Stefan Baramov" <Stefan.Bara...@trx.com>
Subject JAAS and Realms configuration
Date Wed, 01 Feb 2006 23:26:00 GMT
Is it possible to configure a LoginModule (according to JAAS
guidelines) which will apply different authorization strategies
according to the application requesting the JAAS service?

My initial thoughts were around configuring two separate JAAS Realms in
this way: 

conf/server.xml
....
<Realm 
	appName="FooLoginModule" 
	className="org.apache.catalina.realm.JAASRealm" 
	roleClassNames="test.jaas.web.TrxRolePrincipal" 
	userClassNames="test.jaas.web.TrxUserPrincipal"/>

<Realm 
	appName="BarLoginModule" 
	className="org.apache.catalina.realm.JAASRealm" 
	roleClassNames="test.jaas.web.TrxRolePrincipal" 
	userClassNames="test.jaas.web.TrxUserPrincipal"/>
...

Then, the JAAS configuration file will look like this: 

conf/jaas.config

FooLoginModule {
   test.jaas.web.TrxLoginModule required debug=true app=Foo;
};

BarLoginModule {
   test.jaas.web.TrxLoginModule required debug=true app=Bar;
};


The web.xml for both applications should be able to specify which Realm
should be used: 

webapps/Foo/WEB-INF/web.xml
...
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>FooLoginModule</realm-name>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config>
....

webapps/Bar/WEB-INF/web.xml
....
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>BarLoginModule</realm-name>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config>
....

Using the <realm-name/> tag I was hoping to link the login configuration
for each application to a particular JAAS Realm. However, this is not
happening. Both applications will use the second JAAS Realm and it seems
that the <realm-name> tag is completely ignored. 

Finally, I have to say I tried this configuration on Tomcat 5.5.9 and
5.0.30 with no success. What am I missing? Is there another tag in the
web.xml that will connect me to the right JAAS Realm?


Stefan Baramov 
Software Developer 
TRX 
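
Added example, not part of the original message and not Tomcat's own sample configuration: a Tomcat Realm is bound to the container element that encloses it (Engine, Host or Context), so one way to give each application its own JAAS entry is to nest a JAASRealm inside that application's Context. Where each Context element is defined is an assumption here, since the message does not show it; the class names and appName values are the ones from the message.

```xml
<!-- Added example. Where each <Context> lives (server.xml or a per-application
     context descriptor) depends on the deployment and is assumed here. -->

<!-- As posted: two sibling Realms in the same container in conf/server.xml.
     A container holds a single Realm, which matches the observation in the
     message that both applications authenticate against the second one. -->
<Realm
	appName="FooLoginModule"
	className="org.apache.catalina.realm.JAASRealm"
	roleClassNames="test.jaas.web.TrxRolePrincipal"
	userClassNames="test.jaas.web.TrxUserPrincipal"/>
<Realm
	appName="BarLoginModule"
	className="org.apache.catalina.realm.JAASRealm"
	roleClassNames="test.jaas.web.TrxRolePrincipal"
	userClassNames="test.jaas.web.TrxUserPrincipal"/>

<!-- Per-application binding: remove the sibling Realms above and nest one
     Realm in each application's Context. -->

<!-- Context element of the Foo application -->
<Context>
	<!-- appName selects the FooLoginModule entry in conf/jaas.config (app=Foo) -->
	<Realm
		appName="FooLoginModule"
		className="org.apache.catalina.realm.JAASRealm"
		roleClassNames="test.jaas.web.TrxRolePrincipal"
		userClassNames="test.jaas.web.TrxUserPrincipal"/>
</Context>

<!-- Context element of the Bar application -->
<Context>
	<!-- appName selects the BarLoginModule entry in conf/jaas.config (app=Bar) -->
	<Realm
		appName="BarLoginModule"
		className="org.apache.catalina.realm.JAASRealm"
		roleClassNames="test.jaas.web.TrxRolePrincipal"
		userClassNames="test.jaas.web.TrxUserPrincipal"/>
</Context>
```

The <realm-name> element in web.xml is defined by the servlet specification as the realm name used for HTTP Basic authentication, so with FORM login it does not select a Catalina Realm. After the change, a login attempt against each application with debug=true set should show the expected app= option reaching TrxLoginModule.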
