-
1. Re: JAAS on Tomcat 5 & Jboss 4
starksm64 Apr 11, 2005 9:57 AM (in response to legga)
You need to add a security association valve that propagates the web container security identity to the ejb layer as is done with the bundled jboss/tomcat version.
-
2. Re: JAAS on Tomcat 5 & Jboss 4
legga Apr 11, 2005 10:08 AM (in response to legga)
"scott.stark@jboss.org" wrote:
You need to add a security association valve that propagates the web container security identity to the ejb layer as is done with the bundled jboss/tomcat version.
Thank You Scott, I'll try that!
-
3. Re: JAAS on Tomcat 5 & Jboss 4
legga Apr 14, 2005 10:20 AM (in response to legga)
Do I understand right that I need an implementation of Valve interface running as a valve on Tomcat and for every request that has not been authenticated yet, it should connect to JBoss, perform the authentication and populate local subject with principals received remotely from JBoss?
-
4. Re: JAAS on Tomcat 5 & Jboss 4
bocio Apr 14, 2005 10:42 AM (in response to legga)
"Legga" wrote:
Do I understand right that I need an implementation of Valve interface running as a valve on Tomcat and for every request that has not been authenticated yet, it should connect to JBoss, perform the authentication and populate local subject with principals received remotely from JBoss?
I'm a JAAS newbie, but if I understood well, the "valve" Scott is speaking about is the ClientLoginModule shipped with JBoss. This login module does not perform authentication but merely passes to the ejb layer the credential coming from elsewhere (web layer).
Look here:
http://www.jboss.org/wiki/Wiki.jsp?page=ClientLoginModule
Scott wrote a JAAS howto which explains nearly everything (I still have a lot of questions):
http://sourceforge.net/docman/display_doc.php?docid=18240&group_id=22866
So for example you configure tomcat with a form login authentication and you pass this info on the server side where you can perform the server authentication on db or ldap. Then the ClientLoginModule acts as a valve...
Bye
--
Davide
-
5. Re: JAAS on Tomcat 5 & Jboss 4
starksm64 Apr 14, 2005 10:56 AM (in response to legga)
Do I understand right that I need an implementation of Valve interface running as a valve on Tomcat and for every request that has not been authenticated yet, it should connect to JBoss, perform the authentication and populate local subject with principals received remotely from JBoss?
No. You have to establish the caller identity that is going to be authenticated as part of the ejb call by the jboss server. See the JAAS Howto or chap 8 of the admin/devel guide for how security integrates. The ClientLoginModule referenced by bocio is the standard way to propagate the security identity to the jboss ejb transport layer. If you are not obtaining the security identity from tomcat then you don't need a Valve implementation. You can use a standard servlet filter. See the JaasLoginFilter in the JAAS Howto.
-
6. Re: JAAS on Tomcat 5 & Jboss 4
legga Apr 14, 2005 11:09 AM (in response to legga)
Thank you, I thought about it, but in this case (I have BASIC authentication on Tomcat) I have to supply my LoginContext with a callback object which, in turn, supplies the system with login and password.
How shall I get the login and password from Tomcat? It prompts the user by itself and then creates user's identity and stores internally, if I'm not mistaken...
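
Added example, not part of any post in this thread and not the JaasLoginFilter from the JAAS Howto: a sketch of the servlet-filter approach discussed above, where the filter reads the BASIC `Authorization` header that the browser resends on each request and hands the values to a JAAS callback handler. The class name is hypothetical, and it assumes Java 8+, the `javax.servlet` API, a TLS-only deployment, and a JAAS entry named `client-login` that maps to `org.jboss.security.ClientLoginModule`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.*;
import javax.servlet.http.*;
// Hypothetical class name; this is an illustration, not JBoss or Howto code.
public class BasicAuthPropagationFilter implements Filter {
    private static final String JAAS_ENTRY = "client-login"; // assumed entry name
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String h = ((HttpServletRequest) req).getHeader("Authorization");
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) {
            chain.doFilter(req, res); // no BASIC credentials to propagate
            return;
        }
        String d; // header value is base64("user:password")
        try {
            d = new String(Base64.getDecoder().decode(h.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException badBase64) { d = ""; }
        int colon = d.indexOf(':');
        if (colon < 0) { // malformed header: reject instead of guessing
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        final String user = d.substring(0, colon);
        final char[] pass = d.substring(colon + 1).toCharArray();
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = null;
        try {
            lc = new LoginContext(JAAS_ENTRY, handler);
            lc.login(); // binds the caller identity; the EJB server authenticates it
            chain.doFilter(req, res); // EJB calls made in here carry user/pass
        } catch (LoginException e) {
            throw new ServletException("identity propagation failed", e);
        } finally { // clear the bound identity before the pooled thread is reused
            if (lc != null) try { lc.logout(); } catch (LoginException ignored) { }
        }
    }
}
```

The `logout()` in `finally` matters on a pooled request thread: without it, a later request served by the same thread could make EJB calls under the previous caller's identity.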