RE : TR : [jaas integration between tomcat/weblogic]
Any responses? Does somebody think that it could be a bug or like an improvement? Thanks. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mardi 27 juillet 2004 19:07 À : '[EMAIL PROTECTED]' Objet : [jaas integration between tomcat/weblogic] Hi, I would like to make EJB-calls from Tomcat to EJB in Weblogic in secure environment (using j2ee roles). I configure a custom JAAS Realm that uses client side LoginModule connecting to WLS (weblogic.security.auth.login.UsernamePasswordLoginModule). I put weblogic.jar into common/lib directory and my login module classes in common/classes. I configure webapp context like this : Realm className=org.apache.catalina.realm.JAASRealm appName=Sample userClassNames=weblogic.security.principal.WLSUserImpl roleClassNames=weblogic.security.principal.WLSGroupImpl debug=99/ I grant all permission (for test only) in Catalina.policy. And I run Catalina with -security option. At this stage tomcat uses login module (and weblogic authentification provider) to authenticate the user. Everything works fine. The subject build by weblogic is used to create a GenericPrincipal used internally by Tomcat. My problem is that I need to use weblogic security api to propagate implicitly the subject when i call the ejb component with the security data provided by weblogic authentification provider (the subject). First I try to run Tomcat with the security option and the permission, enables me to get the tomcat subject (for example like this javax.security.auth.Subject mySubject = javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); ) and call the weblogic security api with that subject. However the Tomcat GenericPrincipal is not serializable and I get an exception [java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal]... Secondly I try to rebuild the weblogic subject with the subject generated by javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); I get an java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[my_username] exception generated by weblogic. It seems obviously that there are problems of integration! My suggestions are to keep a trace of original subject (for example in session with a specific key) or in a classe that is accessible to application classes (and not dependent on tomcat specific api). Do you have any others suggestions ? Environment: Tomcat 5.0.27 (full install), running on xp, java 1.4.2_02 WLS 8 sp2, running on w2k, java 1.4.2_02 (= both on same machine, same environment) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TR : [jaas integration between tomcat/weblogic]
On 30 Jul, 2004, at 9:59 am, LERBSCHER Jean-Pierre wrote: (weblogic.security.auth.login.UsernamePasswordLoginModule). ... The subject build by weblogic is used to create a GenericPrincipal used internally by Tomcat. I got a bit further than this using our own custom-made JAASLoginModule to retrieve Principals from a database. We encountered the fact that Tomcat only returns a generic Principal (not the Principal that we created, despite it being configured that way in server.xml), so we did what you did... extracted the information from the GenericPrincipal (username and password), then made our own UserPrincipal, which we stored in a session. This was in Tomcat 5.0.19 and everything worked, although we had this nagging feeling that it wasn't quite right. Why weren't we receiving our own UserPrincipal? Then we tried upgrading to Tomcat 5.0.25 (and later). When we try to log in to a page configured to be protected, we get the following error: javax.servlet.ServletException: WILDCARD_PRINCIPAL_CLASS org.apache.jasper.servlet.JspServlet.service(JspServlet.java:244) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) ... root cause java.lang.ClassCircularityError: WILDCARD_PRINCIPAL_CLASS java.lang.Class.forName0(Native Method) java.lang.Class.forName(Class.java:219) sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1335) sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1238) sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1201) sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1144) sun.security.provider.PolicyFile.implies(PolicyFile.java:1099) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) ... This is pretty confusing. Has anyone seen this? What does it mean? I can't find any mention of anything that helps in the Tomcat documentation, and so far nothing in various JAAS and Security documentation. Does anyone have a working JAASRealm module, with example server.xml, catalina.policy, web.xml and other files? I'd give my right arm to have an answer to this. Currently, our only solution is to stick with 5.0.19. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TR : [jaas integration between tomcat/weblogic]
Hi, Does somebody have more suggestions on this topic? Thanks. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mardi 27 juillet 2004 19:07 À : '[EMAIL PROTECTED]' Objet : [jaas integration between tomcat/weblogic] Hi, I would like to make EJB-calls from Tomcat to EJB in Weblogic in secure environment (using j2ee roles). I configure a custom JAAS Realm that uses client side LoginModule connecting to WLS (weblogic.security.auth.login.UsernamePasswordLoginModule). I put weblogic.jar into common/lib directory and my login module classes in common/classes. I configure webapp context like this : Realm className=org.apache.catalina.realm.JAASRealm appName=Sample userClassNames=weblogic.security.principal.WLSUserImpl roleClassNames=weblogic.security.principal.WLSGroupImpl debug=99/ I grant all permission (for test only) in Catalina.policy. And I run Catalina with -security option. At this stage tomcat uses login module (and weblogic authentification provider) to authenticate the user. Everything works fine. The subject build by weblogic is used to create a GenericPrincipal used internally by Tomcat. My problem is that I need to use weblogic security api to propagate implicitly the subject when i call the ejb component with the security data provided by weblogic authentification provider (the subject). First I try to run Tomcat with the security option and the permission, enables me to get the tomcat subject (for example like this javax.security.auth.Subject mySubject = javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); ) and call the weblogic security api with that subject. However the Tomcat GenericPrincipal is not serializable and I get an exception [java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal]... Secondly I try to rebuild the weblogic subject with the subject generated by javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); I get an java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[my_username] exception generated by weblogic. It seems obviously that there are problems of integration! My suggestions are to keep a trace of original subject (for example in session with a specific key) or in a classe that is accessible to application classes (and not dependent on tomcat specific api). Do you have any others suggestions ? Environment: Tomcat 5.0.27 (full install), running on xp, java 1.4.2_02 WLS 8 sp2, running on w2k, java 1.4.2_02 (= both on same machine, same environment) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat/Weblogic!!...
Hi, Is it possible to integrate tomcat (web server)and weblogic (App server)..if so how it is possible?.. Any help would be appreciated thanks, Ramkumar
RE: Tomcat/Weblogic!!...
Weblogic and Tomcat do the same thing! They are both java servlet containers... It might make sense to integrate Tomcat with Apache or Weblogic with Tomcat but _not_ weblogic and Tomcat. -Original Message- From: Ramkumar Krishnan [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 2:29 PM To: Tomcat Users List Subject: Tomcat/Weblogic!!... Hi, Is it possible to integrate tomcat (web server) and weblogic (App server)..if so how it is possible?.. Any help would be appreciated thanks, Ramkumar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat/Weblogic!!...
Here is a contrary point of view. They have nothing close to the same level of functionality. Tomcat is a JSP and servlet container. Weblogic can do these things, but it is also an EJB container, RMI server, insert list of features here. In some cases it makes sense to integrate tomcat with weblogic. It's much cheaper to cluster tomcat servers than to cluster weblogic servers. The cost and functionality of weblogic is wasted on doing things like serving JSPs. I don't have a lot of advice on how to do the integration. So don't ask. :) WL will take connections from java clients (amongst others), including tomcat. It shouldn't be that hard to find advice on the internet. -Original Message- From: Barney Hamish [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 5:47 AM To: 'Tomcat Users List' Subject: RE: Tomcat/Weblogic!!... Weblogic and Tomcat do the same thing! They are both java servlet containers... It might make sense to integrate Tomcat with Apache or Weblogic with Tomcat but _not_ weblogic and Tomcat. -Original Message- From: Ramkumar Krishnan [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 2:29 PM To: Tomcat Users List Subject: Tomcat/Weblogic!!... Hi, Is it possible to integrate tomcat (web server) and weblogic (App server)..if so how it is possible?.. Any help would be appreciated thanks, Ramkumar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Weblogic 6.1 sp2 + Petstore
in your TC class path do you have the WL classes ? if not there is no way that TC will talk to WL... ie how does your servlet do a lookup to get a WL object D Steve Earl wrote: Yep... I'm very familiar with looking up objects from weblogic... I just cannot get the Tomcat side of things to talk to WL... AT ALL. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:37 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore I take it it's one of those the company has got weblogic I think you'll need to include the weblogic jars so that you can do a lookup Have a look on how to get a hold of the weblogic jndi connector ... hope it helps D Steve Earl wrote: Yep... I know about the Tomcat JBoss stuff. What I'm really having problems with is the Tomcat Weblogic stuff. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:24 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore They use the petStore as a example for getting JBoss and TC to talk together jboss.org ... David Steve Earl wrote: Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tomcat + Weblogic 6.1 sp2 + Petstore
Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Tomcat + Weblogic 6.1 sp2 + Petstore
They use the petStore as a example for getting JBoss and TC to talk together jboss.org ... David Steve Earl wrote: Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat + Weblogic 6.1 sp2 + Petstore
Yep... I know about the Tomcat JBoss stuff. What I'm really having problems with is the Tomcat Weblogic stuff. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:24 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore They use the petStore as a example for getting JBoss and TC to talk together jboss.org ... David Steve Earl wrote: Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Tomcat + Weblogic 6.1 sp2 + Petstore
I take it it's one of those the company has got weblogic I think you'll need to include the weblogic jars so that you can do a lookup Have a look on how to get a hold of the weblogic jndi connector ... hope it helps D Steve Earl wrote: Yep... I know about the Tomcat JBoss stuff. What I'm really having problems with is the Tomcat Weblogic stuff. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:24 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore They use the petStore as a example for getting JBoss and TC to talk together jboss.org ... David Steve Earl wrote: Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat + Weblogic 6.1 sp2 + Petstore
Yep... I'm very familiar with looking up objects from weblogic... I just cannot get the Tomcat side of things to talk to WL... AT ALL. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:37 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore I take it it's one of those the company has got weblogic I think you'll need to include the weblogic jars so that you can do a lookup Have a look on how to get a hold of the weblogic jndi connector ... hope it helps D Steve Earl wrote: Yep... I know about the Tomcat JBoss stuff. What I'm really having problems with is the Tomcat Weblogic stuff. Steve... -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:24 AM To: Tomcat Users List Subject: Re: Tomcat + Weblogic 6.1 sp2 + Petstore They use the petStore as a example for getting JBoss and TC to talk together jboss.org ... David Steve Earl wrote: Hi, I've been pounding my head against the wall for a couple of days now trying to configure the pet store application. What I need / want to do is have Weblogic 6.1 sp2 handle the database connections and EJB's while having Tomcat 4.0.2 serve up the servlets and jsps. Has anyone gotten this configuration to work successfully? If so could you please post instructions on how you did it. Any help is greatly appreciated, Thanks in advance... Stephen Earl -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Java Pet Store Demo in Tomcat/WebLogic
Hello, I'm trying to take the Java Pet Store demo that is available on the java.sun.com site and have the JSPs/beans run in Tomcat and the EJBs run as a back end on WebLogic. I have run into a number of technical problems already (problems with the env-entry tags that are used in web.xml, the JNDI names of the EJBs which get mapped to other names by the weblogic specific deployment descriptors, etc), and I've just hit another stumbling block, which has led me to prompt the question: Is it futile to try getting the the Pet Store demo in this setup? The Pet Store site (http://developer.java.sun.com/developer/technicalArticles/J2EE/deployathon2/) doesn't discuss deploying the app in such a manner. Has anyone here tried doing this before? Are there any hints/tips/helpful URLs that you can provide? Regards, Robert Danek
Re: Java Pet Store Demo in Tomcat/WebLogic
Robert, That should be possible, actually apart from the "Connection reset messages" (the message posted earlier) using Tomcat was relatively straightforward. You can look at the following document that gives the steps to port the example to jboss + Tomcat. http://www.jboss.org/manual/examples.html#petstore Regards, Madhu --- Robert Danek [EMAIL PROTECTED] wrote: Hello, I'm trying to take the Java Pet Store demo that is available on the java.sun.com site and have the JSPs/beans run in Tomcat and the EJBs run as a back end on WebLogic. I have run into a number of technical problems already (problems with the env-entry tags that are used in web.xml, the JNDI names of the EJBs which get mapped to other names by the weblogic specific deployment descriptors, etc), and I've just hit another stumbling block, which has led me to prompt the question: Is it futile to try getting the the Pet Store demo in this setup? The Pet Store site (http://developer.java.sun.com/developer/technicalArticles/J2EE/deployathon2/) doesn't discuss deploying the app in such a manner. Has anyone here tried doing this before? Are there any hints/tips/helpful URLs that you can provide? Regards, Robert Danek __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Re: Java Pet Store Demo in Tomcat/WebLogic
Robert, That should be possible, actually apart from the "Connection reset messages" (the message posted earlier) using Tomcat was relatively straightforward. You can look at the following document that gives the steps to port the example to jboss + Tomcat. http://www.jboss.org/manual/examples.html#petstore Regards, Madhu --- Robert Danek [EMAIL PROTECTED] wrote: Hello, I'm trying to take the Java Pet Store demo that is available on the java.sun.com site and have the JSPs/beans run in Tomcat and the EJBs run as a back end on WebLogic. I have run into a number of technical problems already (problems with the env-entry tags that are used in web.xml, the JNDI names of the EJBs which get mapped to other names by the weblogic specific deployment descriptors, etc), and I've just hit another stumbling block, which has led me to prompt the question: Is it futile to try getting the the Pet Store demo in this setup? The Pet Store site (http://developer.java.sun.com/developer/technicalArticles/J2EE/deployathon2/) doesn't discuss deploying the app in such a manner. Has anyone here tried doing this before? Are there any hints/tips/helpful URLs that you can provide? Regards, Robert Danek __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
