[jboss-user] [Security & JAAS/JBoss] - Re: Tomcat 5.5 login module compatibility?
I am facing a similar problem; Per the instructions in the http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith, I set up the login module that extends from UsernamePasswordLoginModule, configured it in the login-config.xml (with the principalClass option set to point to my custom principal). request.getUserPrincipal returns my custom principal but ejbContext.getUserPrincipal returns a SimplePrincipal. What am I missing? Any help will be greatly appreciated. side note: I am debugging into the JBoss source code but I am having to use the 4.2.1 source code because I am unable to locate the security source in the 5.0.0-beta3 or beta4 source code (for jbosssx.jar) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4134187#4134187 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4134187 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: Tomcat 5.5 login module compatibility?
Thanks for the pointer on how to enable debug. We actually were in the process of decompiling the byte code in the jars already. This is what we've found. The libraries are definitely geared towards Tomcat 5.5. They implement a custom LoginModule, but they also rely on a custom JAASRealm which extends org.apache.catalina.realm.RealmBase. Further the custom principal they are creating from their Realm extends org.apache.catalina.realm.GenericPrincipal. Is there any way to configure the default AS 4.2.1 to use this Tomcat 5.5 module/realm without requiring modification to the source code? Our big dilemma, is that the LoginModule and Realm our outside our control; and further there is a development jar and a production jar which have essentially the same configurations but different behavior -- so us modifying the development one and testing with it will not necessarily help us be ready for production. We'd much rather figure out how to configure the security without needing modification to security modules we are being provided. We have been able to configure the login module, and it seems to be working. But we aren't sure how to configure in the Realm, or if you even can. Ultimately what we need is to be able to get the Custom Principal object back from request.getUserPrincipal(). Thanks for your help! Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131658#4131658 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131658 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: Tomcat 5.5 login module compatibility?
You can enable debug. Refer to question 4 http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ The last time i mess with custom principal, I end up having to "extend" SimplePrincipal to be compliant. Worse case, you can always decompile your current module to verify your suspicions View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131314#4131314 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131314 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user