Re: JAAS login context propagation to JBoss
I had a look at the code and I guess it could be used to do the association but what it seems to be doing is just creating a new Subject and adding the required principal (which I assume has been obtained from the servlet request) to it. If JAASRealm is used this will be a GenericPrincipal which is different to the principal obtained when doing the login (I'm using JBoss in this case).

Are there any plans for Tomcat 5 to cache the subjects obtained upon login anywhere?

Also can you confirm that a valve would be the right place to do this sort of association?

On Fri, 2003-02-07 at 02:30, Jeanfrancois Arcand wrote:
> The feature you want has been implemented in Tomcat 5 (not in Tomcat
> 4.1.x).
>
> You can probably port it if you really need it (see
> http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java)
> or start using Tomcat 5.
>
> -- Jeanfrancois
>
> Peter Kelley wrote:
>
> > I tell a lie, you can't get access to the user's session easily from a
> > realm's authenticate method.
> >
> > Perhaps I could write a valve that looks at the request and looks up the
> > realm the user belongs to. I could then cache the subjects in the realm
> > and run the rest of the pipeline using doAs(subject, ).
> >
> > This seems awfully low level but I can't see another way. Can anyone
> > suggest an alternative? Surely this problem has been encountered
> > before.
> >
> > On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
> >
> >> I have set up form based authentication for Tomcat 4.1.18 using the
> >> JAASRealm and I am using it to connect to a remote JBoss server.
> >> Whenever a new user logs in all of the sessions of the existing users
> >> take on the identity of the new user on the EJB server.
> >>
> >> It appears as if something needs to be done to associate the JAAS
> >> subject with the current thread every time a request comes in. I can
> >> cache the subject in the session but I'm not sure how to go about doing
> >> the association.
> >>
> >> Any ideas?

--
Peter Kelley <[EMAIL PROTECTED]>
Moveit Pty Ltd

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JAAS login context propagation to JBoss
The feature you want has been implemented in Tomcat 5 (not in Tomcat 4.1.x).

You can probably port it if you really need it (see http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java) or start using Tomcat 5.

-- Jeanfrancois

Peter Kelley wrote:

> I tell a lie, you can't get access to the user's session easily from a
> realm's authenticate method.
>
> Perhaps I could write a valve that looks at the request and looks up the
> realm the user belongs to. I could then cache the subjects in the realm
> and run the rest of the pipeline using doAs(subject, ).
>
> This seems awfully low level but I can't see another way. Can anyone
> suggest an alternative? Surely this problem has been encountered
> before.
>
> On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
>
>> I have set up form based authentication for Tomcat 4.1.18 using the
>> JAASRealm and I am using it to connect to a remote JBoss server.
>> Whenever a new user logs in all of the sessions of the existing users
>> take on the identity of the new user on the EJB server.
>>
>> It appears as if something needs to be done to associate the JAAS
>> subject with the current thread every time a request comes in. I can
>> cache the subject in the session but I'm not sure how to go about doing
>> the association.
>>
>> Any ideas?

Re: JAAS login context propagation to JBoss
I tell a lie, you can't get access to the user's session easily from a realm's authenticate method.

Perhaps I could write a valve that looks at the request and looks up the realm the user belongs to. I could then cache the subjects in the realm and run the rest of the pipeline using doAs(subject, ).

This seems awfully low level but I can't see another way. Can anyone suggest an alternative? Surely this problem has been encountered before.

On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
> I have set up form based authentication for Tomcat 4.1.18 using the
> JAASRealm and I am using it to connect to a remote JBoss server.
> Whenever a new user logs in all of the sessions of the existing users
> take on the identity of the new user on the EJB server.
>
> It appears as if something needs to be done to associate the JAAS
> subject with the current thread every time a request comes in. I can
> cache the subject in the session but I'm not sure how to go about doing
> the association.
>
> Any ideas?

--
Peter Kelley <[EMAIL PROTECTED]>
Moveit Pty Ltd

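The per-request association discussed in this message (cache the Subject at login, then run the rest of the pipeline under doAs), sketched with plain JDK classes as an added example that is not part of the original thread and not Tomcat's code. The session map, `UserPrincipal`, `login` and `handle` are hypothetical stand-ins for the session store and the valve, and the sketch assumes a JDK where `Subject.getSubject(AccessController.getContext())` is still supported (JDK 17 or earlier).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.Subject;

public class PerRequestSubjectDemo {
    // Stand-in for the HTTP session store: session id -> Subject cached at login.
    static final Map<String, Subject> SESSIONS = new ConcurrentHashMap<>();

    // Hypothetical principal type; a real login module supplies its own.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    static void login(String sessionId, String user) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(user));
        s.setReadOnly();                 // the cached identity cannot be altered later
        SESSIONS.put(sessionId, s);
    }

    // What downstream code sees: the Subject bound to the current call, if any.
    static String currentUser() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "anonymous" : s.getPrincipals().iterator().next().getName();
    }

    // The valve step: find the session's Subject and run the rest of the
    // pipeline under it, so identity comes from the session, not the thread.
    static String handle(String sessionId) {
        Subject s = SESSIONS.get(sessionId);
        if (s == null) return currentUser();   // no login for this session
        return Subject.doAs(s, (PrivilegedAction<String>) PerRequestSubjectDemo::currentUser);
    }

    public static void main(String[] args) throws Exception {
        login("sess-A", "alice");
        login("sess-B", "bob");                // a later login must not affect sess-A
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
        for (String sid : new String[] {"sess-A", "sess-B", "sess-A", "no-session"}) {
            System.out.println(sid + " -> " + pool.submit(() -> handle(sid)).get());
        }
        pool.shutdown();
    }
}
```

The sketch covers only the association of a cached Subject with the request thread; how a JBoss client then carries that identity to the EJB server is outside it.
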
JAAS login context propagation to JBoss
I have set up form based authentication for Tomcat 4.1.18 using the JAASRealm and I am using it to connect to a remote JBoss server. Whenever a new user logs in all of the sessions of the existing users take on the identity of the new user on the EJB server.

It appears as if something needs to be done to associate the JAAS subject with the current thread every time a request comes in. I can cache the subject in the session but I'm not sure how to go about doing the association.

Any ideas?

--
Peter Kelley <[EMAIL PROTECTED]>
Moveit Pty Ltd