2 Replies Latest reply on Jan 2, 2009 9:51 PM by phillip

    JAAS, SeamLoginModule and Third Party Servlets

    phillip
    phillip Feb 28, 2008 5:34 PM

      Hello,


      I'm working on an seam application that has embedded within in it a WebDav Servlet. The webdav directory will be served from a database and each users directory will be populated according to login. I would like to be able to use the seam login security model for both the seam website and the webdav servlet (take advantage of SeamLoginModule if I can).


      This is what I have been able to achieve so far...


      I've added the following to my WEB-INF/web.xml so that my application http://myapp/ will be a seam website; http://myapp/webdav can be used by any webdav client. This step is working fine.


          <!-- web dav support -->
    <display-name>WebDAV-Servlet</display-name>
    <servlet>
        <servlet-name>webdav</servlet-name>
        <servlet-class>
            net.sf.webdav.WebdavServlet
        </servlet-class>
        <init-param>
            <param-name>ResourceHandlerImplementation</param-name>
            <param-value>
                calgary.domain.api.core.WebFileSystemImpl
            </param-value>
        </init-param>
        <init-param>
            <param-name>storeDebug</param-name>
            <param-value>1</param-value>
        </init-param>
        <init-param>
            <param-name>servletDebug</param-name>
            <param-value>1</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>webdav</servlet-name>
        <url-pattern>/webdav/*</url-pattern>
    </servlet-mapping>



      To activate security i've added the following to my WEB-INF/web.xml


          <security-constraint> 
        <!-- web resources that are protected -->
        <web-resource-collection>
            <web-resource-name>Webdav Drive</web-resource-name>
            <url-pattern>/webdav/*</url-pattern>
        </web-resource-collection>
        
        <auth-constraint>
            <!-- role-name indicates roles that are allowed
                to access the web resource specified above -->
            <role-name>user</role-name>
          
        </auth-constraint>
    </security-constraint> 
    
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Document WebDav</realm-name>
    </login-config>
    
    <security-role>
        <role-name>user</role-name>
    </security-role>



      Added a WEB-INF/jboss-web.xml


          <jboss-web>
     <context-root>security-sample</context-root>
     <security-domain>java:/jaas/calgary</security-domain>
    </jboss-web>



      and added the following to the end of jboss/server/default/conf/login-config.xml


          <!-- # added for calgary -->
    <application-policy name="calgary">
     <authentication>
         <login-module code="org.jboss.seam.security.spi.SeamLoginModule" flag="required">
                <module-option name="authMethod">#{authenticator.authenticate}</module-option> 
            </login-module>  
     </authentication>
    </application-policy>



      When I attempt to connect to the webdav directory I get a basic username/password challenge dialogue, entering a username and password then fails. No messages are displayed in the JBoss logs - we are loggin SQL in our development environment so this is normally logged so execution does not appear to be reaching the authenticate method.


      Any assistance would be greatly appreciated.


      BTW using JBoss 4.2.2 and Seam 2.0.1.


      Cheers
      Phillip

        • 1. Re: JAAS, SeamLoginModule and Third Party Servlets
          ramay
          ramay Dec 31, 2008 11:33 AM (in response to phillip)

          Hi Phillip,


            I am wondering, are you able to proceed to further?


          I am very new to seam and in general to frame works.


          On the similar lines of you, I am trying to workout to integrate WEBDAV Servlet from net.sf.webdav.WebdavServlet in Seam for Login.


          Do please let know any inputs.


          Note: I am facing an obstacle in WEBDAV servlet itself w.r.t to the Webdev's implementation of ResourceHandlerImplementation part where one is supposed to implement the interface. Do you have any sample code on this?



          All,
              Does any one has come across the with the implementation of  WEBDAV  plus Seam's Loginmodule plus JAAS.


          Do please post if any information available related on this or any general guidelines?


          BTW I am using Seam 2.1.1 and JBoss 4.2.3 G.A.


          Cheers
          Rama

            • Actions
          • 2. Re: JAAS, SeamLoginModule and Third Party Servlets
            phillip
            phillip Jan 2, 2009 9:51 PM (in response to phillip)

            Hi Rama,


            I've put this on the back burner; I did make some progress in the end by changing the (net.sf) classes to call the authenticator bean object rather than using the container. Sorry I don't have any more useful information - best of luck.


            Cheers
            Phillip

              • Actions