1. Re: Tomcat JAASRealm configuration
mwinkels Sep 28, 2005 5:27 AM (in response to mwinkels)
Hello,
I tried the following:
Added to JBoss /deploy/jbossweb-tomcat55.sar/server.xml:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="jboss.web"
           userClassNames="myPrincipal"
           roleClassNames="org.jboss.security.SimpleGroup"/>

In myWebApp /WEB-INF/web.xml:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Whole site</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>mySecurityDomain</realm-name>
    </login-config>

In myWebApp jboss.xml:

    <security-domain>java:/jaas/mySecurityDomain</security-domain>

In JBoss /conf/login-config.xml:

    <application-policy name="jboss.web">
      <authentication>
        <login-module code="myPrincipalCreatingLoginModule" flag="required"/>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
          <module-option name="password-stacking">useFirstPass</module-option>
          <module-option name="multi-threaded">true</module-option>
        </login-module>
        <login-module code="myAuthenticatingLoginModule" flag="required"/>
      </authentication>
    </application-policy>
Now I can login to the web app, my custom principal is created and authenticated by the (custom) login module and propagated to the ejb layer. Great!
Here come the problems:
1) Every HTTP request creates a new Principal. The principal is not stored/cached in the session.
2) I cannot switch to form authentication (this doesn't seem to work, is this a known tomcat/jboss bug?)
3) I cannot specify a role in the auth-constraint. The JAASRealm seems not to understand the SimpleGroup. The name is not recognised.
Has anybody experienced these problems before? Am I missing something?
Thanks in advance!
-Maarten Winkels
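The login-config.xml chain above relies on password-stacking: the first module authenticates and leaves the credentials in the JAAS sharedState, and later modules with password-stacking=useFirstPass reuse them instead of prompting again. The following is an added illustration of what such a downstream module (a hypothetical stand-in for myAuthenticatingLoginModule) looks like; it is not code from the thread or from JBoss, and the in-memory user table and the "user" role it assigns are constructed for the example.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

// Hypothetical module: consumes the credentials an earlier module stored in
// sharedState (JBoss password-stacking keys), verifies them against a
// constructed in-memory table, and adds the "Roles" group on commit.
public class StackedAuthenticatingLoginModule implements LoginModule {
    private static final Map<String, char[]> USERS = new HashMap<String, char[]>();
    static { USERS.put("alice", "s3cret".toCharArray()); } // constructed sample user

    private Subject subject;
    private Map<String, ?> sharedState;
    private boolean useFirstPass;
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.sharedState = sharedState;
        this.useFirstPass = "useFirstPass".equals(options.get("password-stacking"));
    }

    public boolean login() throws LoginException {
        if (!useFirstPass) throw new LoginException("expects password-stacking=useFirstPass");
        Object name = sharedState.get("javax.security.auth.login.name");
        Object pass = sharedState.get("javax.security.auth.login.password");
        if (name == null || pass == null) throw new LoginException("no stacked credentials");
        // JBoss stores the name as a Principal and the password as char[] or String
        String user = (name instanceof Principal) ? ((Principal) name).getName() : name.toString();
        char[] pw = (pass instanceof char[]) ? (char[]) pass : pass.toString().toCharArray();
        succeeded = USERS.containsKey(user) && Arrays.equals(USERS.get(user), pw);
        if (!succeeded) throw new LoginException("bad credentials for " + user);
        return true;
    }

    public boolean commit() {
        if (!succeeded) return false;
        Group roles = new SimpleGroup("Roles");        // JBoss convention: roles live in a group named "Roles"
        roles.addMember(new SimplePrincipal("user")); // constructed role for the example
        subject.getPrincipals().add(roles);
        return true;
    }
    public boolean abort() { succeeded = false; return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }
}
```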
2. Re: Tomcat JAASRealm configuration
mwinkels Sep 28, 2005 6:16 AM (in response to mwinkels)
When I switch to FORM authentication using:

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>mySecurityDomain</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/authorization-error.jsp</form-error-page>
      </form-login-config>
    </login-config>
The principal is not propagated to the EJB layer. The authorization is performed correctly, but when invoking a method on an EJB a security exception is thrown.
Any help is greatly appreciated.
-Maarten Winkels
3. Re: Tomcat JAASRealm configuration
mwinkels Sep 29, 2005 6:24 AM (in response to mwinkels)
I think I have found why the principal is not propagated. The SessionAssociationValve, which is supposed to propagate the principal from the Web tier to the EJB tier, checks the type of the principal and only sets it on the security association if the principal is a JBossGenericPrincipal. This is a package-private type in the tomcat55-service.jar, the Tomcat adaptor that JBoss uses.