JAAS, SeamLoginModule and Third Party Servlets
phillip Feb 28, 2008 5:34 PMHello,
I'm working on an seam application that has embedded within in it a WebDav Servlet. The webdav directory will be served from a database and each users directory will be populated according to login. I would like to be able to use the seam login security model for both the seam website and the webdav servlet (take advantage of SeamLoginModule if I can).
This is what I have been able to achieve so far...
I've added the following to my WEB-INF/web.xml so that my application http://myapp/ will be a seam website; http://myapp/webdav can be used by any webdav client. This step is working fine.
<!-- web dav support --> <display-name>WebDAV-Servlet</display-name> <servlet> <servlet-name>webdav</servlet-name> <servlet-class> net.sf.webdav.WebdavServlet </servlet-class> <init-param> <param-name>ResourceHandlerImplementation</param-name> <param-value> calgary.domain.api.core.WebFileSystemImpl </param-value> </init-param> <init-param> <param-name>storeDebug</param-name> <param-value>1</param-value> </init-param> <init-param> <param-name>servletDebug</param-name> <param-value>1</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>webdav</servlet-name> <url-pattern>/webdav/*</url-pattern> </servlet-mapping>
To activate security i've added the following to my WEB-INF/web.xml
<security-constraint> <!-- web resources that are protected --> <web-resource-collection> <web-resource-name>Webdav Drive</web-resource-name> <url-pattern>/webdav/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- role-name indicates roles that are allowed to access the web resource specified above --> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Document WebDav</realm-name> </login-config> <security-role> <role-name>user</role-name> </security-role>
Added a WEB-INF/jboss-web.xml
<jboss-web> <context-root>security-sample</context-root> <security-domain>java:/jaas/calgary</security-domain> </jboss-web>
and added the following to the end of jboss/server/default/conf/login-config.xml
<!-- # added for calgary --> <application-policy name="calgary"> <authentication> <login-module code="org.jboss.seam.security.spi.SeamLoginModule" flag="required"> <module-option name="authMethod">#{authenticator.authenticate}</module-option> </login-module> </authentication> </application-policy>
When I attempt to connect to the webdav directory I get a basic username/password challenge dialogue, entering a username and password then fails. No messages are displayed in the JBoss logs - we are loggin SQL in our development environment so this is normally logged so execution does not appear to be reaching the authenticate method.
Any assistance would be greatly appreciated.
BTW using JBoss 4.2.2 and Seam 2.0.1.
Cheers
Phillip