tomcat-users mailing list archives

From John McPeek <spamb...@bellsouth.net>
Subject Re: Custom JAAS LoginModule not authorizing GenericPrincipal roles
Date Wed, 20 Dec 2006 02:49:49 GMT
Hi Joe,
    This is my commit(). I think you are missing the User Principal.
When you say request.getUserPrincipal(), that token (1) I am putting in
first comes back. The Principals you add after that are the roles you
want to test against.
This stuff drove me nuts when I was setting it up. Hope that does it for
you.

John

    // token, subject and log are fields of the LoginModule class.
    public boolean commit() throws LoginException {
        log.debug( "Commit login." );

        if ( token != null ) {
            if ( subject.isReadOnly() ) {
                throw new LoginException( "Subject is Readonly" );
            }

            // ****** (1) Add User Principal first *************
            subject.getPrincipals().add( token );

            // Then add each permission as a further Principal (the roles).
            List<Permission> permissions = token.getPermissions();
            Set<Principal> jaasPermissions = subject.getPrincipals();
            for ( Permission permission : permissions ) {
                jaasPermissions.add( permission );
            }
        }

        token = null;
        return true;
    }


>I'm trying to use my own LoginModule. It is successfully authenticating
>my username but the problem is when it's trying to authorize my roles.
> 
>Tried:
>1. Here is the code snippet from my LoginModule commit method. 
>Code:
> 
>  List roles = new ArrayList();
>  roles.add( "tomcat_auth_role" );
>  GenericPrincipal gp = new GenericPrincipal(null, username, null, roles);
>  subject.getPrincipals().add(gp);
>
>3. Added following to server.xml:
>Code:
> 
>      <Realm className="org.apache.catalina.realm.JAASRealm"
>                 appName="Tomcat"
>                 userClassNames="org.apache.catalina.realm.GenericPrincipal"
>                 roleClassNames="org.apache.catalina.realm.GenericPrincipal"
>                 useContextClassLoader="true"
>                 debug="2"/>
> 
>3. Added following to web.xml:
>Code:
> 
>    <auth-constraint>
>      <role-name>tomcat_auth_role</role-name>
>    </auth-constraint>
> 
>Any help would be greatly appreciated. 
> 
>Cheers
>Joe
>
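
The ordering described in the reply above, as an added example that is not code from this thread or from Tomcat: a LoginModule whose commit() adds one user principal first and then one principal per role, using two distinct principal classes. ExampleLoginModule, UserPrincipal, RolePrincipal and the demo credential are hypothetical; with a JAASRealm, the two principal class names would be the values listed in userClassNames and roleClassNames.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example. ExampleLoginModule, UserPrincipal and RolePrincipal are hypothetical names.
public class ExampleLoginModule implements LoginModule {
    // Separate classes, so the realm can tell the user from the roles by class name.
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    private Subject subject;
    private CallbackHandler handler;
    private String user;                                  // set only by a successful login()
    private final List<Principal> added = new ArrayList<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        // Constructed demo credential; a real module verifies against its credential store.
        if (!"joe".equals(name.getName()) || !Arrays.equals("demo-only".toCharArray(), pass.getPassword()))
            throw new FailedLoginException("bad credentials");
        user = name.getName();
        return true;
    }
    public boolean commit() throws LoginException {
        if (user == null) return false;                   // login() failed: add nothing
        if (subject.isReadOnly()) throw new LoginException("Subject is read-only");
        added.add(new UserPrincipal(user));               // (1) user principal first
        added.add(new RolePrincipal("tomcat_auth_role")); // then one principal per role
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {                             // remove only what this module added
        if (!subject.isReadOnly()) subject.getPrincipals().removeAll(added);
        added.clear(); user = null;
        return true;
    }
    public static void main(String[] args) throws Exception {  // drives the module without Tomcat
        ExampleLoginModule m = new ExampleLoginModule();
        Subject s = new Subject();
        m.initialize(s, cbs -> { ((NameCallback) cbs[0]).setName("joe");
            ((PasswordCallback) cbs[1]).setPassword("demo-only".toCharArray()); }, Map.of(), Map.of());
        if (m.login() && m.commit()) s.getPrincipals().forEach(System.out::println);
    }
}
```

Run stand-alone, main() prints the user principal followed by the role principal, which is the order in which commit() added them to the Subject.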

