0 Replies Latest reply on Dec 18, 2001 3:05 PM by Joel Peach

    org.jboss.web.catalina.security.JBossSecurityMgrRealm implem

    Joel Peach Newbie

      I'm in the process of tracing through the components utilized in the JBoss/Tomcat integration and I was hoping someone could validate my observations of JBossSecurityMgrRealm.

      The documentation states that the class is both a Valve and Realm implementation for Catalina which makes sense based on the methods present and the class declaration.

      As I read through, it looks as if only simple username/password authentication methods are supported. Is this correct?

      Also, the method signature that attempts to authenticate based on a chain of X509Certificate objects has a puzzling implementation.

      public Principal authenticate(X509Certificate[] certs)
      {
         SimplePrincipal principal = null;
         Context securityCtx = getSecurityContext();
         if( securityCtx == null )
            return null;
         try
         {
            // Get the JBoss security manager from the ENC context
            EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup("securityMgr");
         }
         catch(NamingException e)
         {
            category.error("Error during authenticate", e);
         }
         return principal;
      }

      As you can see, regardless of whether the security manager is located, null is ultimately returned from this method. It also appears that the security manager is allocated, but nothing is done with it.

      Am I understanding this correctly and/or is there any insight that someone could provide into this?

      Much appreciated.