From: John McPeek
Date: Tue, 19 Dec 2006 21:49:49 -0500
To: Tomcat Users List
Subject: Re: Custom JAAS LoginModule not authorizing GenericPrincipal roles

Hi Joe,

This is my commit(). I think you are missing the User Principal. When you say request.getUserPrincipal(), that token (1) I am putting in first comes back. The Principals you add after that are the roles you want to test against. This stuff drove me nuts when I was setting it up. Hope that does it for you.

John

    public boolean commit() throws LoginException {
        log.debug( "Commit login." );
        if ( token != null ) {
            if ( subject.isReadOnly() ) {
                throw new LoginException( "Subject is Readonly" );
            }
            // (1) Add User Principal first
            subject.getPrincipals().add( token );
            // Then add each permission as a further Principal (the roles)
            List<Permission> permissions = token.getPermissions();
            Set<Principal> jaasPermissions = subject.getPrincipals();
            for ( Permission permission : permissions ) {
                jaasPermissions.add( permission );
            }
        }
        token = null;
        return true;
    }

>I'm trying to use my own LoginModule. It is successfully authenticating
>my username but the problem is when it's trying to authorize my roles.
>
>Tried:
>1. Here is the code snippet from my LoginModule commit method.
>Code:
>
>    List roles = new ArrayList();
>    roles.add( "tomcat_auth_role" );
>    GenericPrincipal gp = new GenericPrincipal(null, username, null, roles);
>    subject.getPrincipals().add(gp);
>
>3. Added following to server.xml:
>Code:
>
>    appName="Tomcat"
>    userClassNames="org.apache.catalina.realm.GenericPrincipal"
>    roleClassNames="org.apache.catalina.realm.GenericPrincipal"
>    useContextClassLoader="true"
>    debug="2"/>
>
>3. Added following to web.xml:
>Code:
>
>    tomcat_auth_role
>
>Any help would be greatly appreciated.
>
>Cheers
>Joe
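The reply's point, that the user principal goes into the Subject first and each role follows as its own Principal, shown as an added example that is not code from either poster or from Tomcat. The `UserPrincipal`, `RolePrincipal` and `Resolved` types, the `classify` helper and the sample names are hypothetical, and the class-name matching is a simplified model of what the `userClassNames` / `roleClassNames` settings in the quoted server.xml are assumed to do.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class JaasPrincipalDemo {
    // Hypothetical principal types for this example only.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record Resolved(String user, List<String> roles) {}

    // Simplified model (an assumption, not Tomcat source): the first principal
    // whose class is a configured user class is the user; every principal whose
    // class is a configured role class contributes its name as a role.
    static Resolved classify(Subject subject, Set<String> userClasses, Set<String> roleClasses) {
        String user = null;
        List<String> roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            String cls = p.getClass().getName();
            if (user == null && userClasses.contains(cls)) {
                user = p.getName();
            }
            if (roleClasses.contains(cls)) {
                roles.add(p.getName());
            }
        }
        return new Resolved(user, roles);
    }

    public static void main(String[] args) {
        Set<String> userCls = Set.of(UserPrincipal.class.getName());
        Set<String> roleCls = Set.of(RolePrincipal.class.getName());

        // Constructed sample: user principal first, then one principal per role.
        Subject split = new Subject();
        split.getPrincipals().add(new UserPrincipal("joe"));
        split.getPrincipals().add(new RolePrincipal("tomcat_auth_role"));
        System.out.println(classify(split, userCls, roleCls));

        // Constructed sample: one principal whose class is configured as both the
        // user class and the role class; the model sees only its name as a role.
        Subject single = new Subject();
        single.getPrincipals().add(new UserPrincipal("joe"));
        System.out.println(classify(single, userCls, userCls));
    }
}
```

Under this model, the role name a web.xml constraint is checked against has to be the name of a principal in the Subject, which is why the commit() in the reply adds each permission as a separate Principal.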