5 Replies Latest reply on Feb 22, 2004 9:54 AM by martin0

JavaWorld JBoss JAAS paper

martin0 Feb 21, 2004 4:46 PM

I'm trying to use the paper at http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas_p.html to get a working JAAS web application working, however the example is based on JBoss 2.4, and I'm using 3.2.3

I guess that format of the server_auth.conf file of still works as this legacy format in metioned in the Admin/Development manual for JBoss3.2.1.

The build fails on the existance of

Again I presume this is not critical as I think the tomcat configuration is now in deploy/jbossweb-tomcat41.sar

However the test clients refer to a client side auth configuration file, and I don't know where the equivelent of this is for JBoss 3.2.3

Can someone shed some light on this, please?
Are my previous assumptions correct?
What does it take to get the example from this paper to work on 3.2.3?

Thanks
Martin

1. Re: JavaWorld JBoss JAAS paper

martin0 Feb 21, 2004 4:55 PM (in response to martin0)

Just realised the significance of the ClientLoginModule. However if someone has a version of this paper applied to 3.2.3 I'd still appreciated it.

Thanks
Martin
Actions
2. Re: JavaWorld JBoss JAAS paper

starksm64 Feb 21, 2004 9:47 PM (in response to martin0)

The 3.2.1 update of the article found here should apply:
http://sourceforge.net/docman/display_doc.php?docid=18240&group_id=22866
Actions
3. Re: JavaWorld JBoss JAAS paper

martin0 Feb 22, 2004 1:57 AM (in response to martin0)

Thanks very much
Martin
Actions
4. Re: JavaWorld JBoss JAAS paper

martin0 Feb 22, 2004 9:27 AM (in response to martin0)

The tests seem to work except for servlet test 6.

I see the note at the bottom of the new paper on this test, but I'm not clear what to do to get this to work. I am using 3.2.3.

Can you give me some more help Scott?

Thanks
Martin
Actions
5. Re: JavaWorld JBoss JAAS paper

martin0 Feb 22, 2004 9:54 AM (in response to martin0)

Hmm I added the following module option to DatabaseServerLoginModule

<module-option name="unauthenticatedIdentity">java</module-option>

I tried servlet PublicSession.echo() as anon but this still failed, but test 6 now works.

I guess this is because echo is still checked, but at least the session is created, and this lets the unchecked call to noop work with the unauthenticated id above.

Martin
Actions

Go to original post