subject:"\[JBoss\-user\] JBoss 2.2\: Servlet Authentication against JBoss realms. How \?"

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-20 Thread Scott M Stark

There is nothing wrong doing this.

- Original Message -
From: Scott Hasse
To: [EMAIL PROTECTED]
Sent: Friday, April 20, 2001 1:07 PM
Subject: Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

All,

Having run into this same issue myself, I am wondering about the feasibility of 
developing a JBossRealm (or similiar) for Tomcat
that actually authenticates against the JBoss security configuration.  It seems to me 
that this would actually then be "integrated"
security, versus the dual configuration that is needed now.  For instance, SimpleRealm 
or JDBC Realm would no longer be needed.
Their functionality would be replaced by a JBossRealm (or JBossRealmAuthenticate) 
module that authenticates the user in Tomcat.  One
huge advantage to this approach would be that we would be able to use any JBoss 
security configuration (which is nice and
extensible) from Tomcat, versus just the JDBC and XML file capabilities currently 
available in Tomcat.

Is there something fundamental that is preventing this from working, or that makes it 
a bad idea?

Thanks,

Scott

___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-20 Thread Scott Hasse




All,
 
Having run into this same issue myself, I am 
wondering about the feasibility of developing a JBossRealm (or similiar) for 
Tomcat that actually authenticates against the JBoss 
security configuration.  It seems to me that this would actually then 
be "integrated" security, versus the dual configuration that is needed 
now.  For instance, SimpleRealm or JDBC Realm would no longer be 
needed.  Their functionality would be 
replaced by a JBossRealm (or JBossRealmAuthenticate) module 
that authenticates the user in Tomcat.  One huge advantage to this 
approach would be that we would be able to use any JBoss security configuration 
(which is nice and extensible) from Tomcat, versus just the JDBC and 
XML file capabilities currently available in Tomcat.
 
Is there something fundamental that is preventing 
this from working, or that makes it a bad idea?
 
Thanks,
 
Scott
 
>Correct.>>- Original Message 
- >From: "Ijonas Kisselbach" <[EMAIL PROTECTED]>>To: 
<[EMAIL PROTECTED]>>Sent: Thursday, April 19, 2001 
11:44 AM>Subject: Re: [JBoss-user] JBoss 2.2: Servlet Authentication 
against JBoss realms. How ?>>>> So let me get this 
right.>> >> First I authenticate within Tomcat, using the 
usual means This then sets>> ups credentials which will be passed 
onto JBoss for further handling.>> >> But always 
authenticate in Tomcat first... ??>> >> This makes sense if 
this is the case. Can you confirm ?>> >> Cheers,>> 
Ijonas.

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-19 Thread Scott M Stark


Correct.

- Original Message - 
From: "Ijonas Kisselbach" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 19, 2001 11:44 AM
Subject: Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?


> So let me get this right.
> 
> First I authenticate within Tomcat, using the usual means This then sets
> ups credentials which will be passed onto JBoss for further handling.
> 
> But always authenticate in Tomcat first... ??
> 
> This makes sense if this is the case. Can you confirm ?
> 
> Cheers,
> Ijonas.
> 
> 
> - Original Message -
> From: "Scott M Stark" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, April 19, 2001 6:53 PM
> Subject: Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss
> realms. How ?
> 
> 
> >
> > You have to have a Tomcat realm ahead of the JbossRealm as the JbossRealm
> > just mpas the credentials obtained by the Tomcat Realm onto the JBoss
> notion
> > of the thread user.
> >
> > ----- Original Message -
> > From: Ijonas Kisselbach
> > To: jbUser
> > Sent: Thursday, April 19, 2001 10:01 AM
> > Subject: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss
> realms. How ?
> >
> >
> > Hi,
> >
> > I'm trying to authenticate servlets against a a JBoss realm. I've got the
> servlets and JSP authenticating against the
> > org.apache.tomcat.request.SimpleRealm and tomcat-users.xml file. This
> works fine. But I know want to go to the next step and
> > authenticate against a Jboss realm. Hence I've commented out the Tomcat
> security realm request interceptor from server.xml:
> >
> > 
> >
> >
> >
> >
> > ___
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/jboss-user
> >
> 
> ___
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
> 


___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-19 Thread Ijonas Kisselbach


So let me get this right.

First I authenticate within Tomcat, using the usual means This then sets
ups credentials which will be passed onto JBoss for further handling.

But always authenticate in Tomcat first... ??

This makes sense if this is the case. Can you confirm ?

Cheers,
Ijonas.


- Original Message -
From: "Scott M Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 19, 2001 6:53 PM
Subject: Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss
realms. How ?


>
> You have to have a Tomcat realm ahead of the JbossRealm as the JbossRealm
> just mpas the credentials obtained by the Tomcat Realm onto the JBoss
notion
> of the thread user.
>
> - Original Message -
> From: Ijonas Kisselbach
> To: jbUser
> Sent: Thursday, April 19, 2001 10:01 AM
> Subject: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss
realms. How ?
>
>
> Hi,
>
> I'm trying to authenticate servlets against a a JBoss realm. I've got the
servlets and JSP authenticating against the
> org.apache.tomcat.request.SimpleRealm and tomcat-users.xml file. This
works fine. But I know want to go to the next step and
> authenticate against a Jboss realm. Hence I've commented out the Tomcat
security realm request interceptor from server.xml:
>
> 
>
>
>
>
> ___
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>

___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-19 Thread Scott M Stark

You have to have a Tomcat realm ahead of the JbossRealm as the JbossRealm
just mpas the credentials obtained by the Tomcat Realm onto the JBoss notion
of the thread user.

- Original Message -
From: Ijonas Kisselbach
To: jbUser
Sent: Thursday, April 19, 2001 10:01 AM
Subject: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

Hi,

I'm trying to authenticate servlets against a a JBoss realm. I've got the servlets and 
JSP authenticating against the
org.apache.tomcat.request.SimpleRealm and tomcat-users.xml file. This works fine. But 
I know want to go to the next step and
authenticate against a Jboss realm. Hence I've commented out the Tomcat security realm 
request interceptor from server.xml:

___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

2001-04-19 Thread Ijonas Kisselbach




Hi,
 
I'm trying to authenticate servlets against a a 
JBoss realm. I've got the servlets and JSP authenticating against the 
org.apache.tomcat.request.SimpleRealm and tomcat-users.xml file. This works 
fine. But I know want to go to the next step and authenticate against a Jboss 
realm. Hence I've commented out the Tomcat security realm request interceptor 
from server.xml:
 
           
I have changed my jboss.properties to point to 
tomcat/auth.conf :
 
java.security.auth.login.config==file:../conf/tomcat/auth.conf 

 
My auth.conf looks as 
follows:
 
simple {    
org.jboss.security.plugins.samples.SimpleServerLoginModule 
required;};
 
other {    
org.jboss.security.plugins.samples.JaasServerLoginModule required;
};
 
The security secions in my jboss.jcml file 
look as follows:
 
  
 
    
 
        org.jboss.security.plugins.JaasSecurityManager  

 
  
As you can see fairly 
standard stuff a la the JAAS Howto.
 
Finally my web.xml that configures my servlets has 
the following section which worked under the SimpleRealm authentication provided 
by Tomcat:
 
  
    
  
Serv-C  
/*    
    
  
User    
  
 
  
    
BASIC    
other  
      
User  
      
Superuser  

 
I would expect , upon accessing the default page, a 
dialogue box to appeat asking for username and password, which would then be 
authenticated against the roles.properties and user.properties 
files.
 
Where am I going wrong ?
 
Cheers,
Ijonas.

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

Re: [JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

[JBoss-user] JBoss 2.2: Servlet Authentication against JBoss realms. How ?

6 matches

Site Navigation

Mail list logo

Footer information