Date: Fri, 17 Feb 2006 17:53:47 +0530
From: Mohan Radhakrishnan
To: users@tomcat.apache.org
Subject: JAAS in Tomcat

Hi,

I have enabled authentication using JAASRealm in Tomcat 5.x. The steps are:

1. Security constraints in web.xml - Working
2. JAAS LoginModule implementation - Working because I am able to login.
3. Policy file like this

    grant CodeBase "file:./struts-blank.war"
          Principal com.paper.security.filter.Principal "mohan" {
        permission com.xor.auth.perm.URLPermission "/index.jsp";
        permission com.xor.auth.perm.URLPermission "/struts-blank/index.jsp";
        permission com.xor.auth.perm.URLPermission "/struts-blank/Welcome.do";
    };

4. Struts filter like this

    // Imports used by this fragment:
    // java.net.URL, java.security.CodeSigner, java.security.CodeSource,
    // java.security.PermissionCollection, java.security.PrivilegedExceptionAction,
    // java.util.Enumeration, javax.security.auth.Subject,
    // javax.security.auth.login.LoginContext, javax.servlet.http.HttpServletRequest
    //
    // Fragment from the filter; req, res, chain, logger and proceed() are
    // defined elsewhere in the filter class.
    HttpServletRequest httpReq = (HttpServletRequest) req;

    // Log in through the "WhitePaper" JAAS configuration entry.
    LoginContext lc = new LoginContext("WhitePaper",
            new WhitePaperCallbackHandler(httpReq.getRemoteUser(), "javatech"));
    logger.info( "Authenticating [" + httpReq.getRequestURI() );
    lc.login();
    logger.info( "Authenticated" );
    Subject s = lc.getSubject();

    // Ask the JAAS policy which permissions this subject has for the WAR's code source.
    javax.security.auth.Policy policy = javax.security.auth.Policy.getPolicy();
    CodeSource cs = new CodeSource(new URL("file:./struts-blank.war"),
            (CodeSigner[]) null);
    PermissionCollection perms = policy.getPermissions( s, cs );

    // Print every permission that was returned.
    if ( perms != null ) {
        Enumeration e = perms.elements();
        while ( e.hasMoreElements() ) {
            logger.info( "[" + e.nextElement() + "]" );
        }
    }

    // Continue the filter chain as the authenticated subject.
    Subject.doAsPrivileged(s, new PrivilegedExceptionAction() {
        public Object run() {
            proceed( req, res, chain );
            return null;
        }
    }, null);

The problem is that I am not able to print any permissions.
So I am assuming there is a configuration problem. I am able to login and JAAS itself works fine. Now I am able to type a URL that is not mentioned in the policy file and access it. So my policy file is not taking effect?

Appreciate any help.

Thanks,
Mohan
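
Added example, not part of the original message or of Tomcat: the filter as posted lists the permissions and then calls proceed(), and no line in it compares the request URI with the grants. The code below makes that comparison explicit and denies by default, so an empty PermissionCollection blocks every URL instead of allowing it. The URLPermission class here is a hypothetical stand-in for com.xor.auth.perm.URLPermission (exact-path matching is assumed), and the class name UrlPermissionCheck and method isAllowed are illustrative.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;

public class UrlPermissionCheck {

    // Hypothetical stand-in for com.xor.auth.perm.URLPermission (source not on the page):
    // a permission named by one exact request path.
    static final class URLPermission extends Permission {
        URLPermission(String path) { super(path); }

        @Override public boolean implies(Permission p) {
            return p instanceof URLPermission && getName().equals(p.getName());
        }
        @Override public boolean equals(Object o) {
            return o instanceof URLPermission && getName().equals(((URLPermission) o).getName());
        }
        @Override public int hashCode() { return getName().hashCode(); }
        @Override public String getActions() { return ""; }
    }

    // Deny by default: a null or empty collection allows nothing.
    static boolean isAllowed(PermissionCollection granted, String requestUri) {
        return granted != null && granted.implies(new URLPermission(requestUri));
    }

    public static void main(String[] args) {
        // Constructed sample: the three grants from the policy entry for principal "mohan".
        Permissions granted = new Permissions();
        granted.add(new URLPermission("/index.jsp"));
        granted.add(new URLPermission("/struts-blank/index.jsp"));
        granted.add(new URLPermission("/struts-blank/Welcome.do"));

        // Constructed sample: what the filter sees when no grant entry matched.
        Permissions none = new Permissions();

        // "/struts-blank/admin.do" is a made-up URI that the policy does not list.
        String[] uris = { "/struts-blank/Welcome.do", "/struts-blank/admin.do" };
        for (String uri : uris) {
            System.out.println(uri + " with grants: " + (isAllowed(granted, uri) ? "proceed" : "403")
                    + ", with no grants: " + (isAllowed(none, uri) ? "proceed" : "403"));
        }
    }
}
```

In a servlet filter the same test would run on perms and httpReq.getRequestURI() before proceed(), with HttpServletResponse.SC_FORBIDDEN sent when it fails.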