From: "Wendy Smoak" <[EMAIL PROTECTED]>

I have a standalone Tomcat 5.0 instance, and a third-party webapp that has support for authentication via LDAP. Of course, we don't have LDAP, we have Kerberos. It should be a simple matter to plug in a different Realm, right?

Replying to myself for the benefit of the archives...

I came up with three examples of Kerberos authentication with Tomcat and JAASRealm:

  http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatJspExamples

The first one is converting the 'jsp-examples' webapp to use Kerberos by adding/changing config files; no Java code is required.

From there, I have a custom LoginModule that wraps Sun's Krb5LoginModule in order to add more roles to the Subject in the 'commit' method. And finally, a custom Realm that extends JAASRealm and overrides 'authenticate' (for the same reason, to add roles). I welcome comments on the code... it works, but considering that I'm only a week into learning about CMA and JAAS, I'm sure it could be improved.

I hope that once JSR 196 is final, someone will write a more robust LoginModule for Kerberos. Failover would be nice... AFAICT you can only configure one kdc for Sun's Krb5LoginModule.

--
Wendy Smoak
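
The wrapper approach described in the message, as an added example (not the poster's code from the wiki page): a LoginModule that delegates to Sun's Krb5LoginModule and adds role principals in commit(). The class names RoleAddingKrb5LoginModule and RolePrincipal and the "roles" option are hypothetical, and the syntax assumes a current JDK rather than the Java version of the Tomcat 5.0 era.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.module.Krb5LoginModule;

// Hypothetical wrapper: Kerberos does the authentication, this class only adds roles.
public class RoleAddingKrb5LoginModule implements LoginModule {
    // Hypothetical role principal; JAASRealm tells users from roles by class name,
    // so this class would be listed in the realm's roleClassNames attribute.
    public static final class RolePrincipal implements Principal {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    private final LoginModule delegate = new Krb5LoginModule();
    private Subject subject;
    private String[] roles = new String[0];

    @Override public void initialize(Subject subject, CallbackHandler handler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        // "roles" is an assumed option name, e.g. roles="tomcat,role1" in the JAAS
        // config entry; Krb5LoginModule reads only the option keys it knows.
        Object r = options.get("roles");
        if (r != null) roles = r.toString().trim().split("\\s*,\\s*");
        delegate.initialize(subject, handler, sharedState, options);
    }

    @Override public boolean login() throws LoginException { return delegate.login(); }
    @Override public boolean abort() throws LoginException { return delegate.abort(); }

    @Override public boolean commit() throws LoginException {
        // Add roles only after the Kerberos login has committed successfully.
        if (!delegate.commit()) return false;
        for (String role : roles)
            if (!role.isEmpty()) subject.getPrincipals().add(new RolePrincipal(role));
        return true;
    }

    @Override public boolean logout() throws LoginException {
        // getPrincipals(Class) returns a copy, so removing from the live set is safe.
        subject.getPrincipals().removeAll(subject.getPrincipals(RolePrincipal.class));
        return delegate.logout();
    }
}
```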
