1 Reply Latest reply on Oct 7, 2001 12:44 PM by cjohnson

    Catalina Realms & JBoss 2.4

    cjohnson

      I'm trying to figure out how to integrate Catalina Realms with JBoss. I want to have servlets/JSPs that use BASIC authentication. I have been unsuccessful with using the MemoryRealm from Catalina with the Manager web app that ships with Catalina.

      This should use the $CATALINA_HOME/conf/tomcat-users.xml file for authentication of users and roles. I have not changed anything in the tomcat configuration, just created a war file from the $CATALINA_HOME/webapps/manager directory and successfully deployed it in $JBOSS_HOME/jboss/deploy. It works fine, but does not authenticate before allowing access to the manager application. I would ultimately like to use JNDI with LDAP for BASIC and FORM authentication. I am worried that I may need to have a JNDI Realm for Tomcat and a JAAS Module for JBoss in order to do this.

      Does anyone have any information on how to make these pieces work together? Should I write a custom Realm module for Catalina that passes authentication to JBossSX? Is there a JBossSX module I can use that will intercept BASIC authentication from Catalina?
      I'm pretty confused on how this works... If anyone knows of any docs that describe how Catalina and JBoss are integrated and go into service details that might point me in the right direction, I'd sure appreciate it.

      TIA

        • 1. Re: Catalina Realms & JBoss 2.4
          cjohnson

          OK... I think I'm almost there.

          I added the jboss-web.xml to the manager.war in WEB-INF, it contains:

          <?xml version="1.0"?>
          <jboss-web>
            <security-domain>java:/jaas/manager</security-domain>
          </jboss-web>

          auth.conf contains:

          manager {
            org.jboss.security.auth.spi.UsersRolesLoginModule required
            unauthenticatedIdentity="nobody";
          };

          I placed a users.properties and roles.properties in $JBOSS_HOME/jboss/conf/catalina with the contents of

          users.properties:
          admin=admin

          roles.properties:
          admin=manager

          The web.xml for the manager.war is unchanged from the distro, the security-constraint and login-config look like:

          <security-constraint>
            <web-resource-collection>
              <web-resource-name>Entire Application</web-resource-name>
              <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
              <!-- NOTE: This role is not present in the default users file -->
              <role-name>manager</role-name>
            </auth-constraint>
          </security-constraint>

          <!-- Define the Login Configuration for this Application -->
          <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>Tomcat Manager Application</realm-name>
          </login-config>

          I'm now getting a 403 whenever I connect to http://localhost:8080/manager yet I should be getting a BASIC auth prompt from the server. Can anyone tell me where I'm getting this wrong?

          TIA
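
A consistency check over the four files quoted in the reply above, as an added example that is not part of the original thread or of JBoss or Catalina. The inline file contents are constructed from the post, the function names are hypothetical, and it assumes a web.xml without an XML namespace:

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the files quoted in the post.
JBOSS_WEB = """<?xml version="1.0"?>
<jboss-web>
  <security-domain>java:/jaas/manager</security-domain>
</jboss-web>"""
AUTH_CONF = """manager {
  org.jboss.security.auth.spi.UsersRolesLoginModule required
  unauthenticatedIdentity="nobody";
};"""
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
USERS = "admin=admin\n"
ROLES = "admin=manager\n"

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(jboss_web, auth_conf, web_xml, users, roles):
    findings = []
    domain = ET.fromstring(jboss_web).findtext("security-domain", "").strip()
    app = domain.rsplit("/", 1)[-1]  # java:/jaas/manager -> manager
    # auth.conf entries look like: name { ... };
    if app not in re.findall(r"^\s*([\w.-]+)\s*\{", auth_conf, re.M):
        findings.append(f"no auth.conf entry named '{app}' for {domain}")
    creds = parse_props(users)
    grants = {u: {r.strip() for r in rs.split(",")}
              for u, rs in parse_props(roles).items()}
    for role in ET.fromstring(web_xml).iter("role-name"):
        holders = [u for u, rs in grants.items()
                   if role.text.strip() in rs and u in creds]
        if not holders:
            findings.append(f"role '{role.text}' has no user with a password")
    for user, pw in creds.items():
        if pw == user:
            findings.append(f"user '{user}' has password equal to username")
    if re.search(r"unauthenticatedIdentity\s*=", auth_conf):
        findings.append("unauthenticatedIdentity is set: requests without credentials are assigned a principal")
    return findings
```

For the files as posted, the domain-to-auth.conf mapping and the role grant are consistent; the two findings are the admin=admin credential and the unauthenticatedIdentity option.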