Could you tell me what the correct configuration is to access the JAAS login file with this security manager? Thanks
-----Original Message-----
From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 20 July 2004 18:42
To: Tomcat Users List
Subject: Re: RE : RE : how to access Subject after authentification

Are you both running with the security manager on? I think that's the problem...

-- Jeanfrancois

LERBSCHER Jean-Pierre wrote:

>Matt, I am OK with you! I tried the two methods and I have the same results
>(null)!
>Perhaps we have to configure Tomcat properly (?) so that it can record the
>subject in the session. Perhaps an authenticator?
>Jean François! Any ideas?
>
>The second method is
>Subject.getSubject(java.security.AccessController.getContext());
>
>-----Original Message-----
>From: Matt Harrison [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, 20 July 2004 17:42
>To: 'Tomcat Users List'
>Subject: RE: RE : how to access Subject after authentification
>
>I have tried both of these and they both return null!
>
>>-----Original Message-----
>>From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
>>Sent: 20 July 2004 16:30
>>To: Tomcat Users List
>>Subject: Re: RE : how to access Subject after authentification
>>
>>Two ways:
>>
>>httpSession.getAttribute("javax.security.auth.subject")
>>
>>or
>>
>>Subject.getSubject(AccessController.getContext())
>>
>>-- Jeanfrancois
>>
>>Matt Harrison wrote:
>>
>>>Sorry for mis-reading your email
>>>
>>>If anybody out there knows how to retrieve the Subject, Jean-Pierre and I
>>>would most appreciate it!
>>>
>>>But, if, as I suspect, this is not part of the current servlet spec, and
>>>thus not part of Tomcat, can I make a request for this to be included next
>>>time round?
>>>
>>>I work around this by concatenating all the information I require from the
>>>subject into the Principal's name in my JAAS login module, as a
>>>java.security.Principal object is available from the request object in
>>>Tomcat. But I guess this isn't an option for this problem.
>>>
>>>Matt
>>>
>>>>-----Original Message-----
>>>>From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
>>>>Sent: 20 July 2004 15:40
>>>>To: 'Tomcat Users List'
>>>>Subject: RE : how to access Subject after authentification
>>>>
>>>>Thanks Matt!
>>>>My problem is that I have to call EJBs deployed in the WebLogic
>>>>application server from servlet components. I use the WebLogic API to
>>>>propagate the security information from Tomcat to WLS. This API uses the
>>>>subject! Thus it is necessary that I can reach it.
>>>>
>>>>-----Original Message-----
>>>>From: Matt Harrison [mailto:[EMAIL PROTECTED]
>>>>Sent: Tuesday, 20 July 2004 15:59
>>>>To: 'Tomcat Users List'
>>>>Subject: RE: how to access Subject after authentification
>>>>
>>>>Hi
>>>>
>>>>I had a similar question a while back and never really got it fully
>>>>resolved, but I found that Tomcat doesn't save the subject as a session
>>>>attribute.
>>>>
>>>>However in your case you don't need to access the subject. In the web.xml
>>>>file for your app, you can define what roles have access to each resource
>>>>(jsp, servlet) and have your JAAS login module assign these roles to the
>>>>subject - i.e. container managed security.
>>>>
>>>>e.g. add to web.xml (gives access to logins with role "user" to all of your
>>>>application):
>>>>
>>>>    <security-constraint>
>>>>        <web-resource-collection>
>>>>            <web-resource-name>myApplication</web-resource-name>
>>>>            <url-pattern>/*</url-pattern>
>>>>        </web-resource-collection>
>>>>        <auth-constraint>
>>>>            <role-name>user</role-name>
>>>>        </auth-constraint>
>>>>    </security-constraint>
>>>>    <security-role>
>>>>        <role-name>user</role-name>
>>>>    </security-role>
>>>>
>>>>see the tomcat docs for more info
>>>>
>>>>Matt
>>>>
>>>>>-----Original Message-----
>>>>>From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
>>>>>Sent: 20 July 2004 14:42
>>>>>To: '[EMAIL PROTECTED]'
>>>>>Subject: how to access Subject after authentification
>>>>>
>>>>>Hi,
>>>>>
>>>>>I am using a JAAS authentication module to authenticate users within
>>>>>Tomcat 5.0.27.
>>>>>
>>>>>After the authentication, I want to control access to resources (like EJBs
>>>>>deployed in the WebLogic application server).
>>>>>
>>>>>To control access, I have to use the WebLogic API with the Subject
>>>>>instance delivered by authentication to Tomcat.
>>>>>
>>>>>The problem is: how can I get the subject object? I tried
>>>>>session.getAttribute( "javax.security.auth.subject" ); but it seems that I
>>>>>can't access this information!
>>>>>
>>>>>Any ideas?
>>>>>
>>>>>Thanks,

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
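
An added example, not code from any message in this thread: `Subject.getSubject(AccessController.getContext())` only returns a Subject that `Subject.doAs` has bound to the calling context, so code that is not running inside a `doAs` block gets null, as reported above. The class `SubjectContextDemo`, the `UserPrincipal` type and the name `jdoe` are constructed for illustration, and the code assumes Java 8 through 17 (newer JDKs deprecate this API in favour of `Subject.current()` and `Subject.callAs`).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectContextDemo {

    // Constructed principal type, standing in for whatever a JAAS
    // LoginModule adds to the Subject in commit().
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPrincipal && ((UserPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    // The second lookup quoted in the thread.
    static Subject currentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    public static void main(String[] args) {
        // Stand-in for the Subject a successful LoginContext.login() yields.
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new UserPrincipal("jdoe"));

        // No doAs on the call stack: nothing is bound to the context.
        Subject outside = currentSubject();
        System.out.println("outside doAs: " + outside);

        // Inside doAs the same lookup returns the bound Subject.
        Subject inside = Subject.doAs(authenticated,
                (PrivilegedAction<Subject>) SubjectContextDemo::currentSubject);
        System.out.println("inside doAs, same instance: " + (inside == authenticated));
        System.out.println("principals seen inside doAs: " + inside.getPrincipals());

        // Under a security manager, the calling code additionally needs
        // javax.security.auth.AuthPermission "getSubject" and "doAs".
    }
}
```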