In fact my java options are : JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas .config
-----Message d'origine----- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mercredi 21 juillet 2004 12:13 À : 'Tomcat Users List' Cc : 'Jeanfrancois Arcand' Objet : RE : RE : RE : RE : how to access Subject after authentification The command line is ok ! But I have an exception : Caused by: java.io.IOException: Impossible de trouver une configuration de connexion at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95) ... 33 more I set JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf \Sample_jaas.config The classe that instantiates the login context is located in common/classes The standard Catalina.policy containts this permission grant codeBase "file:${catalina.home}/common/-" { permission java.security.AllPermission; }; Any ideas ? Thanks in advance! -----Message d'origine----- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 19:52 À : Tomcat Users List Objet : Re: RE : RE : RE : how to access Subject after authentification LERBSCHER Jean-Pierre wrote: >Could you tell me what is the correct configuration to access the jaas login >file with this security manager. > > You need to start Tomcat using the -security ./catalina.sh start -security -- Jeanfrancois >Thanks > >-----Message d'origine----- >De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] >Envoyé : mardi 20 juillet 2004 18:42 >À : Tomcat Users List >Objet : Re: RE : RE : how to access Subject after authentification > >Are you both running with the security manager on? I think that's the >problem... > >-- Jeanfrancois > >LERBSCHER Jean-Pierre wrote: > > > >>Matt I am ok with you! I try the two methods and I have the same results >>(null) ! >>Perhaps we have to configure properly tomcat (?) so that it can record the >>subject in the session. Perhaps an authenticator ? >>Jean François ! any ideas ? >> >>The second method is >>Subject.getSubject(java.security.AccessController.getContext()); >> >>-----Message d'origine----- >>De : Matt Harrison [mailto:[EMAIL PROTECTED] >>Envoyé : mardi 20 juillet 2004 17:42 >>À : 'Tomcat Users List' >>Objet : RE: RE : how to access Subject after authentification >> >>I have tried both of these and they both return null! >> >> >> >> >> >>>-----Original Message----- >>>From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] >>>Sent: 20 July 2004 16:30 >>>To: Tomcat Users List >>>Subject: Re: RE : how to access Subject after authentification >>> >>> >>>Two ways: >>> >>>httpSession.getAttribute("javax.security.auth.subject") >>> >>>or >>> >>>Subject.getSubject(AccessControl.getContext()) >>> >>>-- Jeanfrancois >>> >>>Matt Harrison wrote: >>> >>> >>> >>> >>> >>>>Sorry for mis-reading your email >>>> >>>>If anybody out there knows how to retrieve the Subject, >>>> >>>> >>>> >>>> >>>Jean-Pierre and I >>> >>> >>> >>> >>>>would most appreciate it! >>>> >>>>But, if, as I suspect, this is not part of the current >>>> >>>> >>>> >>>> >>>servlet spec, and >>> >>> >>> >>> >>>>thus not part of Tomcat, can I make a request for this to be >>>> >>>> >>>> >>>> >>>included next >>> >>> >>> >>> >>>>time round? >>>> >>>>I work around this by concatenating all the information I >>>> >>>> >>>> >>>> >>>require from the >>> >>> >>> >>> >>>>subject into the Principal's name in my JAAS login module, as a >>>>java.security.Principal object is available from the request >>>> >>>> >>>> >>>> >>>object in >>> >>> >>> >>> >>>>Tomcat. But I guess this isn't an option for this problem. >>>> >>>>Matt >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: LERBSCHER Jean-Pierre >>>>>[mailto:[EMAIL PROTECTED] >>>>>Sent: 20 July 2004 15:40 >>>>>To: 'Tomcat Users List' >>>>>Subject: RE : how to access Subject after authentification >>>>> >>>>> >>>>>Thanks Matt ! >>>>>My problem is that have to call EJB deployed in Weblogic >>>>>application server >>>>> >>>>> >>>>> >>>>> >>>>>from servlet components. I use the weblogic api to propagate >>>> >>>> >>>> >>>> >>>>>the security >>>>>information from tomcat to WLS. This api uses the subject! >>>>> >>>>> >>>>> >>>>> >>>Thus it is >>> >>> >>> >>> >>>>>necessary that I can reach it. >>>>> >>>>>-----Message d'origine----- >>>>>De : Matt Harrison [mailto:[EMAIL PROTECTED] >>>>>Envoyé : mardi 20 juillet 2004 15:59 >>>>>À : 'Tomcat Users List' >>>>>Objet : RE: how to access Subject after authentification >>>>> >>>>>Hi >>>>> >>>>>I had a similar question a while back and never really got it fully >>>>>resolved, but I found that Tomcat doesn't save the subject as >>>>>a session >>>>>attribute. >>>>> >>>>>However in your case you don't need to access the subject. In >>>>>the web.xml >>>>>file for your app, you can define what roles have access to >>>>>each resource >>>>>(jsp, servlet) and have your JAAS login module assign these >>>>>roles to the >>>>>subject - i.e. container managed security. >>>>> >>>>>e.g. add to web.xml (gives access to logins with role "user" >>>>>to all of your >>>>>application): >>>>> >>>>> <security-constraint> >>>>> <web-resource-collection> >>>>> >>>>><web-resource-name>myApplication</web-resource-name> >>>>> <url-pattern>/*</url-pattern> >>>>> </web-resource-collection> >>>>> <auth-constraint> >>>>> <role-name>user</role-name> >>>>> </auth-constraint> >>>>> </security-constraint> >>>>> <security-role> >>>>> <role-name>user</role-name> >>>>> </security-role> >>>>> >>>>>see the tomcat docs for more info >>>>> >>>>>Matt >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>From: LERBSCHER Jean-Pierre >>>>>>[mailto:[EMAIL PROTECTED] >>>>>>Sent: 20 July 2004 14:42 >>>>>>To: '[EMAIL PROTECTED]' >>>>>>Subject: how to access Subject after authentification >>>>>> >>>>>> >>>>>>Hi, >>>>>> >>>>>>I am using JAAS authentification module to authenticate user >>>>>>within tomcat >>>>>>5.0.27. >>>>>> >>>>>>After the authentification, I want to control access to >>>>>>resources (like ejb >>>>>>deployed in weblogic application server). >>>>>> >>>>>>To control access, I have to use weblogic api with the >>>>>>Subject instance >>>>>>delivred by authentification to tomcat. >>>>>> >>>>>> >>>>>> >>>>>>The problem is : how can I get the subject object.. I try >>>>>>session.getAttribute( "javax.security.auth.subject" ); but it >>>>>>seems that I >>>>>>can't access to this information ! >>>>>> >>>>>>Any ideas? >>>>>> >>>>>>Thanks, >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>------------------------------------------------------------ >>>>> >>>>> >>>>> >>>>> >>>--------- >>> >>> >>> >>> >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>>>------------------------------------------------------------ >>>>> >>>>> >>>>> >>>>> >>>--------- >>> >>> >>> >>> >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>--------------------------------------------------------------------- >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >>> >>> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
