Hi all,
I'm trying to configure my JBoss to use Kerberos to authenticate the user.

The configuration files I use are...


  | web.xml
  | 
  | <web-app>
  |     <display-name>Hello World</display-name>
  |     
  |     <security-constraint>
  |         <web-resource-collection>
  |             <web-resource-name>HelloWorldSec</web-resource-name>
  |             <description>
  |                 An example security config that only allows users with the
  |                 role JBossAdmin to access the HTML JMX console web application
  |             </description>
  |             <url-pattern>/*</url-pattern>
  |             <http-method>GET</http-method>
  |             <http-method>POST</http-method>
  |         </web-resource-collection>
  |         <auth-constraint>
  |             <role-name>PP</role-name>
  |         </auth-constraint>
  |     </security-constraint>
  |     <login-config>
  |       <auth-method>Negotiate</auth-method>
  |       <realm-name>Test Realm</realm-name>
  |     </login-config>
  |     <security-role>
  |             <description>The single application role</description>
  |             <role-name>PP</role-name>
  |             </security-role>
  |             <security-role-ref>
  |             <role-name>PP</role-name>
  |             <role-link>user</role-link>
  |             </security-role-ref>
  | </web-app>
  | 


  | login-config.xml
  | 
  | .....
  | <application-policy name="KRB">
  |        <authentication>
  |           <login-module code="com.sun.security.auth.module.Krb5LoginModule"
  |              flag = "required">
  |              <module-option name="useTicketCache">true</module-option>
  |              <module-option name="debug">true</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | ...
  | 


  | context.xml
  | 
  | <Context>
  |     <Valve className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
  | </Context>
  | 


  | jboss-web.xml
  | 
  | <jboss-web>
  |     <security-domain>java:/jaas/KRB</security-domain>
  | </jboss-web>
  | 

And the log gives me this info:


  | JBoss_4_0_3 date=200510042324)] Started in 23s:530ms
  | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CallbackHandler: [EMAIL PROTECTED]
  | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED]
  | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CachePolicy set to: [EMAIL PROTECTED]
  | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED]
  | 2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added KRB, [EMAIL PROTECTED] to map
  | 2005-12-21 17:35:44,289 INFO  [STDOUT] Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  | 2005-12-21 17:35:44,289 INFO  [STDOUT] Acquire TGT from Cache
  | 2005-12-21 17:35:44,414 INFO  [STDOUT] Principal is [EMAIL PROTECTED]
  | 2005-12-21 17:35:44,445 INFO  [STDOUT] Commit Succeeded
  | 2005-12-21 17:35:44,445 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: GenericPrincipal[()]
  | 

I have a lot of doubts about web.xml...

Is Negotiate a correct "auth-method"?
What is "realm-name" used for?

Thanks in advance!

iván

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913814#3913814
