Re: Security problem integration Tomcat (3.2.1) and Jonas (2.2.7)

Philippe Coq Thu, 05 Apr 2001 01:22:47 -0700
Erez Nahir wrote:
> 
> Hello Philip,
> 
> Thanks for the quick response:
> 
> My implementation is as follows:
> 
>   public int authorize( Request request, Response response, String[] roles )
> {
>     System.out.println("In SecurityCtxInterceptor31");
>     int result = super.authorize(request, response, roles );
>     if( result == 0 ) {
>       Principal principal = request.getUserPrincipal();
>       if( principal != null ) {
>         SecurityContext ctx = new SecurityContext(principal.getName() );
>         SecurityCurrent current = SecurityCurrent.getCurrent();
>         current.setSecurityContext(ctx);
>       }
>     }
>     return result;
>   }
> 
> But I think it does not reach the method (Can't see the println() anywhere).
> I even tried to name the class SecurityCtxInterceptor31 and replace it with
> the former one.
> Nothing yet.
> 
> Thanks,
> 
> Erez
> 

Hi,
I have just made the try and it is working.

1) Here is the code of my interceptor SecurityCtxInterceptor32.java:

package org.objectweb.security.tomcat.interceptor ;

import org.apache.tomcat.request.SimpleRealm;
import org.apache.tomcat.core.Request ;
import org.apache.tomcat.core.Response ;

import org.enhydra.security.avs.api.SecurityCurrent ;
import org.enhydra.security.avs.api.SecurityContext ;

import java.security.Principal ;

public class SecurityCtxInterceptor32 extends  SimpleRealm {

    public SecurityCtxInterceptor32 () {
        super () ;
    }

     public int authorize( Request req, Response response, String
roles[] ) {
        int result = super.authorize (req, response, roles) ;
        if (result == 0) {
            Principal principal = req.getUserPrincipal() ;
            SecurityContext ctx = new SecurityContext (principal.getName()) ;
            SecurityCurrent current = SecurityCurrent.getCurrent () ;
            current.setSecurityContext(ctx) ;
        }
        return result ;
    }
}



2) In $TOMCAT_HOME/conf/server.xml:
      <RequestInterceptor 
            className="org.apache.tomcat.request.SimpleRealm" 
            debug="1" />
        <RequestInterceptor 
           
className="org.objectweb.security.tomcat.interceptor.SecurityCtxInterceptor32" 
            debug="1" />


3) For running Tomcat :
   . $JONAS_ROOT/bin/unix/config_env
   $TOMCAT_HOME/bin/tomcat.sh start

In the traces we can see:
2001-04-05 09:01:49 - ContextManager: Add requestInterceptor
javaClass="org.apache.tomcat.request.SimpleRealm" 
2001-04-05 09:01:49 - ContextManager: Add requestInterceptor
javaClass="org.objectweb.security.tomcat.interceptor.SecurityCtxInterceptor32" 

4) Running Jonas
   cd examples\src\security\sb
   EJBServer&

5) after lauching the servlet and authentication process we can see
these traces:


2001-04-05 09:04:03 - ContextManager: SimpleRealm: Verify user=null
pass=null
2001-04-05 09:04:03 - ContextManager: SecurityCtxInterceptor32: Verify
user=null pass=null
2001-04-05 09:04:03 - ContextManager: Authorize status 401
2001-04-05 09:04:03 - ContextManager: Authorize error R( /ejbSample +
/secured/op.html + null) 401
2001-04-05 09:04:03 - Ctx( /ejbSample ): Handler
tomcat.basicAuthHandler(null/null) tomcat.basicAuthHandler
2001-04-05 09:04:11 - ContextManager: SimpleRealm: Verify user=tomcat
pass=tomcat
2001-04-05 09:04:11 - ContextManager: SimpleRealm: Auth ok, user=tomcat
2001-04-05 09:04:11 - ContextManager: SecurityCtxInterceptor32: Verify
user=tomcat pass=tomcat
2001-04-05 09:04:11 - ContextManager: SecurityCtxInterceptor32: Auth ok,
user=tomcat
2001-04-05 09:04:11 - ContextManager: SimpleRealm: Controled access for
tomcat R( /ejbSample + /secured/op.html + null) Ct ( )
2001-04-05 09:04:11 - ContextManager: SecurityCtxInterceptor32:
Controled access for tomcat R( /ejbSample + /secured/op.html + null) Ct
( )
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Verify user=tomcat
pass=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Auth ok, user=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Verify
user=tomcat pass=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Auth ok,
user=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Controled access for
tomcat R( /ejbSample + /secured/style.css + null) Ct ( )
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32:
Controled access for tomcat R( /ejbSample + /secured/style.css + null)
Ct ( )
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Verify user=tomcat
pass=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Auth ok, user=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Verify user=tomcat
pass=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Verify
user=tomcat pass=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Auth ok, user=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Auth ok,
user=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Verify
user=tomcat pass=tomcat
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Controled access for
tomcat R( /ejbSample + /secured/images/tomcat.gif + null) Ct ( )
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32: Auth ok,
user=tomcat
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32:
Controled access for tomcat R( /ejbSample + /secured/images/tomcat.gif +
null) Ct ( )
2001-04-05 09:04:12 - ContextManager: SimpleRealm: Controled access for
tomcat R( /ejbSample + /secured/images/FinalLogo.jpg + null) Ct ( )
2001-04-05 09:04:12 - ContextManager: SecurityCtxInterceptor32:
Controled access for tomcat R( /ejbSample +
/secured/images/FinalLogo.jpg + null) Ct ( )
2001-04-05 09:04:14 - ContextManager: SimpleRealm: Verify user=tomcat
pass=tomcat
2001-04-05 09:04:14 - ContextManager: SimpleRealm: Auth ok, user=tomcat
2001-04-05 09:04:14 - ContextManager: SecurityCtxInterceptor32: Verify
user=tomcat pass=tomcat
2001-04-05 09:04:14 - ContextManager: SecurityCtxInterceptor32: Auth ok,
user=tomcat
2001-04-05 09:04:14 - ContextManager: SimpleRealm: Controled access for
tomcat R( /ejbSample + /secured/op + null) Ct (op(ServletOP/null) )
2001-04-05 09:04:14 - ContextManager: SecurityCtxInterceptor32:
Controled access for tomcat R( /ejbSample + /secured/op + null) Ct
(op(ServletOP/null) )


6) and of course in the browser window

Actions realized by the servlet and the EJB

     Create a bean 
     Start a first transaction 
     First request on the new bean 
     Second request on the bean 
     Commit the transaction 
     Start a second transaction 
     Rollback the transaction 
     Request outside any transaction 


Sample is OK.


I was using JOnAS with RMI

I hope it helps
Best regards,

-- 
        Philippe

Philippe Coq  Evidian   Phone: (33) 04 76 29 78 49
Bull S.A  - 1 rue de Provence - 38432 Echirolles Cedex France
Download our EJBServer at http://www.objectweb.org
----
To unsubscribe, send email to [EMAIL PROTECTED] and
include in the body of the message "unsubscribe jonas-users".
For general help, send email to [EMAIL PROTECTED] and
include in the body of the message "help".
Re: Security problem integration Tomcat (3.2.1) and Jonas (2.2.7)

Reply via email to
