0 Replies Latest reply on Feb 8, 2002 10:31 AM by Matthew Lipper

    Catalina/JBoss Realm configuration

    Matthew Lipper Newbie

      Hmmm, I posted this to the Security forum and got no reply so I'll give it another go.

      OK -

      I must be missing something obvious (and/or doing something really bone-headed). I have set up and successfully deployed my app in JBoss-2.4.4_Tomcat-4.0.1.
      My web context is deployed in Catalina using FORM based authentication and I am using the JBoss DatabaseServerLoginModule to authenticate all users. This works fine and when I request a protected web resource, Catalina behaves as expected by collecting and authenticating my form data. However when I try to reference the current request's security info

      Principal principal = ((HttpServletRequest)request).getUserPrincipal();

      the references are all null. I'm guessing that either I have not configured things correctly or that in order to work directly with Catalina container security(Realms?!) I have to get a proper reference like so:

      // Create the initial context
      Context ctx = new InitialContext();

      // Look up an object
      JaasSecurityManager securityManager = (JaasSecurityManager)ctx.lookup("java:/jaas/dclLogin");

      I guess what I'm asking here is what is the proper way to configure/deploy my web apps so that the standard role info is available for programatic inspection and manipulation? Selected portions of my conf files are as follows:

      //auth.conf (Shown in full)
      dclLogin {
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      principalsQuery="select password from customer where username=?"
      rolesQuery="SELECT p.permission_type, p.role_group FROM login_account l, permission_type p WHERE p.permission_type = l.permission_type AND l.username=?"




      <!-- ### Security -->
      Security test
      no description
      <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page>

      Golden God!

      Context Owner

      Context Admin

      End User

      I haven't altered Catalina's server.xml and Catalina's JDBC realm works fine when I deploy a stand alone Web container.

      Any help or advice is greatly appreciated!