OK I think I owe Craig an apology: There is no standard way to pass JAAS
credentials between VMs. The way that JBoss does it is by using a piece
of code called the ClientLoginModule which interacts with the JBoss RMI
stubs to pass the credentials. Note that JBoss does a login on each
call.

The way I got this working for Tomcat was as follows:

1. Set up a JAAS auth.conf file with 2 login configs for authentication.
One contains the login module actually used to authenticate and the other
contains the JBoss ClientLoginModule. Call the first login config
Tomcat.

2. Subclass JAASLoginModule and keep a cache of userids and credentials
with a method to access them.

3. Create a valve that retrieves the principal from the request, looks
up the realm for that principal, retrieves the password from the realm
and does a JAAS login using the second login configuration above for
every HTTP request.

4. In the server.xml file put the following line before the client login
valve:

    <Valve className="org.apache.catalina.authenticator.FormAuthenticator"/>

(Use the appropriate class if you are not doing form authentication)

5. Create an mbeans-descriptors.xml and place it in the jar file with
the realm and the valve. Reference this from a descriptors property in
the ServerLifecycleListener Listener element in server.xml.

6. Put the jar file in ${tomcat.home}/server/lib

I hope that this is of use to anyone else trying to do this. 



On Mon, 2003-02-10 at 19:04, Peter Kelley wrote:

> I've written a valve to do this and the code should be standard JAAS,
> not specific to JBoss. There is a class already in the Tomcat 5 source
> that provides utilities to do something similar. If I get this working
> I'll let you know, it's something that Tomcat will probably need to do
> to talk JAAS to application servers.
> 
> If this were JBoss specific I would agree with you but what I want to do
> should be following the JAAS standard.
-- 
Peter Kelley <[EMAIL PROTECTED]>
Moveit Pty Ltd
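
The per-request login from step 3, as an added example that is not the poster's valve code: it uses only the standard javax.security.auth API, and the names PerRequestJaasLogin, FixedCredentials and runAs are hypothetical. It assumes the config name passed in is the auth.conf entry holding the JBoss ClientLoginModule and that the module binds the identity to the calling thread, which is why logout runs in a finally block.

```java
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import java.util.Arrays;
import java.util.concurrent.Callable;

/** Added example: JAAS login around one request, with guaranteed logout. */
public final class PerRequestJaasLogin {

    /** Hands the cached user id and password to whichever login module asks. */
    static final class FixedCredentials implements CallbackHandler {
        private final String user;
        private final char[] password;

        FixedCredentials(String user, char[] password) {
            this.user = user;
            this.password = password.clone(); // private copy we can wipe later
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password); // callback stores its own copy
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }

        void wipe() { Arrays.fill(password, '\0'); }
    }

    /**
     * Logs in against the named auth.conf entry, runs the request, then logs out.
     * A failed login throws before the request runs, so nothing is called downstream.
     */
    static <T> T runAs(String configName, String user, char[] password,
                       Callable<T> request) throws Exception {
        FixedCredentials handler = new FixedCredentials(user, password);
        try {
            LoginContext lc = new LoginContext(configName, handler);
            lc.login();
            try {
                return request.call();
            } finally {
                lc.logout(); // pooled worker thread must not keep this caller's identity
            }
        } finally {
            handler.wipe(); // do not leave the password copy in memory
        }
    }
}
```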

