Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within Security Search Coderanch
Advance search Google search
Register / Login
granny book review grid thread boost polymorphism advertise on coderanch
Win a copy of Eclipse Collections Categorically: Level up your programming game this week in the Open Source Projects forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
thread boost book review grid advertise on coderanch meaningless drivel building better world book
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

Error in integrating Simple JAAS with Tomcat 5.0

 
avaya sahu
Greenhorn
Posts: 14
posted 16 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
I am working on security module with the following requirement.
1. Authentication should happen once using basic authentication.

2. Any subsequent request should go through the process but should not do the actual authentication rather should check the data from session.

can some provide me sample class and configuration detail to integrate simple LoginModule. At this point I don't have any Autherization requirement, all modules are accessible to all authenticated user. Authentication criteria: user name should same as password.


I have tried it by reading some document. I am able to complete the authentication part I belive but authorization is not working.
Below are the files and steps that I have performed.

web.xml Change
============
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Your Realm</realm-name>
</login-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>


jaas config:
=========
DemoSP {
HttpLoginModule required debug=true;
};

server.xml
==========

<Realm className="org.apache.catalina.realm.JAASRealm"
appName="DemoSP"
userClassNames="SamplePrincipal"
roleClassNames="SampleGroupPrincipal"
useContextClassLoader="true"
debug="99"/>


HttpLoginModule.java
===============
public class HttpLoginModule implements LoginModule {
public boolean login() throws LoginException {
String username = null;
String password = null;
try {
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();
password = new String(((PasswordCallback) callbacks[1]).getPassword());
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.toString());
}
userPrincipal = new SamplePrincipal(username);
return true;
}
public boolean commit() throws LoginException {
return true;
}
//default implementation for others
}

JDK argument :
===========
-Djava.security.auth.login.config==jaas.config

Thanks
 
Roses are red, violets are blue. Some poems rhyme and some don't. And some poems are a tiny ad.
Clean our rivers and oceans from home
https://www.kickstarter.com/projects/paulwheaton/willow-feeders
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...