Hello!

I'm having a problem with a JAAS authentication realm. I created a LoginModule, configured it as explained in http://forum.java.sun.com/thread.jspa?threadID=233317&tstart=0, defined the permissions in my WEB-INF/web.xml ...

The log statements (System.out.println()) I have in my login module show that the user is authenticated and that the correct roles are added to the subject. BUT: I still get a 403 when trying to access my servlets.

I installed a log4j logger for Tomcat as explained in http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html to get some more information. The relevant lines are included below. It seems the roles didn't get added, which is not consistent with what I read in my LoginModule doc ...

My context definition (in conf/server.xml) is:

    <Context path="/siems-ds"
             docBase="/home/gehel/tecost/siems/siems/ds/target/siems-ds-0.1-SNAPSHOT.war/"
             privileged="true" reloadable="true">
        <Realm className="org.apache.catalina.realm.JAASRealm"
               appName="SIEMS-ds"
               userClassNames="ch.tecost.siems.jaas.UserPrincipal"
               roleClassNames="ch.tecost.siems.jaas.RolePrincipal"
               debug="99"/>
    </Context>

The following code is used to add roles in the commit() method of the LoginModule; "subject" is the subject received in "initialize()":

    log("adding roles ...");
    Collection roleList = RolePrincipal.findByUser(
            DBAccess.currentConnection(), userPrincipal);
    for (Iterator it = roleList.iterator(); it.hasNext();) {
        RolePrincipal role = (RolePrincipal) it.next();
        log("Adding role : " + role.getName());
        subject.getPrincipals().add(role);
    }

Does anybody have any idea where I should be looking to find the solution?

Thanks

Guillaume Lederrey

DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[SIEMS - Data Service protected area]' against GET /UserList --> true
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - JAASRealm login requested for username "admin" using LoginContext for application "SIEMS-ds"
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Login context created admin
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - JAAS LoginContext created for username "admin"
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking Principal "admin" [ch.tecost.siems.jaas.UserPrincipal]
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Principal "admin" is a valid user class. We will use this as the user Principal.
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No valid role Principals found.
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Username "admin" successfully authenticated as Principal "{1}" -- Subject was created too
DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - Checking roles admin
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking if user Principal "admin" possesses role "Root"
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No roles Principals found. User Principal or Subject is null, or user Principal not in cache
DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - No role found: Root
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking if user Principal "admin" possesses role "Admin"
DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No roles Principals found. User Principal or Subject is null, or user Principal not in cache
DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - No role found: Admin
DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.apache.catalina.session.ManagerBase - Start expire sessions StandardManager at 1109945560722 sessioncount 0
DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.apache.catalina.session.ManagerBase - Start expire sessions StandardManager at 1109945560722 sessioncount 0

-- 
Guillaume Lederrey
Software Developer
Tecost - Technology Consulting Studies
Fribourg (Switzerland)
http://www.tecost.ch/
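
Added diagnostic example, not part of the original message and not Tomcat's own code: it records the return value of each `subject.getPrincipals().add(...)` call and then lists every principal in the Subject with its class name, marking those whose class appears in a `roleClassNames`-style list. The exact class-name matching is an assumption based on the "Checking Principal ... [class]" debug lines above; `SubjectRoleCheck`, `UserP` and `RoleP` are hypothetical stand-ins for the poster's classes.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectRoleCheck {

    // Constructed stand-in principal: equality on concrete class + name.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o != null && o.getClass() == getClass()
                    && ((Principal) o).getName().equals(name);
        }
        public int hashCode() { return getClass().hashCode() ^ name.hashCode(); }
    }
    static class UserP extends NamedPrincipal { UserP(String n) { super(n); } }
    static class RoleP extends NamedPrincipal { RoleP(String n) { super(n); } }

    // Names of the principals whose exact class name is in the comma-separated list
    // (assumed matching rule, mirroring the realm's roleClassNames attribute).
    static Set<String> rolesSeen(Subject subject, String roleClassNames) {
        Set<String> roleClasses =
                new HashSet<String>(Arrays.asList(roleClassNames.split("\\s*,\\s*")));
        Set<String> roles = new HashSet<String>();
        for (Principal p : subject.getPrincipals()) {
            String cls = p.getClass().getName();
            boolean isRole = roleClasses.contains(cls);
            System.out.println("principal \"" + p.getName() + "\" [" + cls + "] role=" + isRole);
            if (isRole) roles.add(p.getName());
        }
        return roles;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserP("admin"));
        // Set.add returns false when an equal principal is already in the set,
        // so the return value is worth logging next to "Adding role".
        for (String r : new String[] {"Root", "Admin"}) {
            boolean added = subject.getPrincipals().add(new RoleP(r));
            System.out.println("add(" + r + ") -> " + added);
        }
        System.out.println("roles: " + rolesSeen(subject, RoleP.class.getName()));
    }
}
```

Calling a method like `rolesSeen` on the Subject at the end of `commit()` shows whether the role principals are present in the same Subject instance, and under which class names, before the realm inspects it.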