Thanks Romain....once again.

So the combo for SQLLoginModule is

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="SQLLoginApp"
           userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
           roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
    </Realm>

This works now :) yay.

Last issue on my side, I presume this might be related to the isCallerInRole issue, I'll test this now quickly with the latest snapshot.

I'm trying to authorize the user on a rest service

    @Path("/locations")
    @Singleton
    @Lock(LockType.WRITE)
    @RolesAllowed({"admin"})
    public class LocationService {
        ....
    }

If I read everything correctly (and man I read a lot) the security should be used from Tomcat's side. Is there something else I need to configure to get the above working, or am I off track (suggestions welcome, new to rest security) or could this be related to the isCallerInRole issue?

Thanks
Derick

-----Original Message-----
From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
Sent: Wednesday, October 17, 2012 4:03 PM
To: users@openejb.apache.org
Subject: Re: TomEE and Jaas SQLLoginModule

hmm, we had isCallerInRole broken, not sure it is linked. If you can give it a try on the snapshot it could save us some time :).

BTW personally I used:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="PropertiesLoginModule"
           userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
           roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
    </Realm>

*Romain Manni-Bucau*
Twitter: @rmannibucau <https://twitter.com/rmannibucau>
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau

2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>

> Got to the next point :(
>
> I can see the module is now being loaded and sql is correct (broke the sql
> to verify exceptions) but I can't seem to get the roles to work. I even
> 'hard coded' the sql to return the correct role manager-gui but I still get
> "403 Access Denied".
>
> So authentication works but authorization seems to fail. I have checked my
> code and confirmed the process works as expected.
> The only place I'm not sure of is the below:
>
>     <Realm className="org.apache.catalina.realm.JAASRealm"
>            appName="SQLLoginApp"
>            userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>            roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
>     </Realm>
>
> I'm not sure about the userClassNames & roleClassNames classes. I copied
> this from the PropertiesLoginApp examples for jaas on site.
>
> Anyone else with experience here?
> At this point I'm feeling the container is doing some magic I'm not aware
> of as everything else looks fine.
>
> Thanks for the help
>
> Regards
> Derick
>
> -----Original Message-----
> From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> Sent: Wednesday, October 17, 2012 2:01 PM
> To: users@openejb.apache.org
> Subject: Re: TomEE and Jaas SQLLoginModule
>
> Hi,
>
> did you try set CATALINA_OPTS="c:/complete/path/login.conf" before
> startup.sh?
>
> 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
>
> > Hi Guys,
> >
> > I'm really struggling to implement the SQLLoginModule for JAAS based
> > authentication in TomEE Rest.
> >
> > I have followed the guide on http://tomee.apache.org/tomee-jaas.html
> > replacing it with the below
> >
> > server.xml:
> >
> >     <Realm className="org.apache.catalina.realm.LockOutRealm">
> >       <Realm className="org.apache.catalina.realm.JAASRealm"
> >              appName="SQLLoginApp"
> >              userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> >              roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> >       </Realm>
> >     </Realm>
> >
> > conf/login.config:
> >
> >     SQLLoginApp {
> >         org.apache.openejb.core.security.jaas.SQLLoginModule required
> >         dataSourceName="jdbc/db"
> >         userSelect="select ..... "
> >         groupSelect="select ..... "
> >     };
> >
> > And starting tomee with the following:
> >
> >     startup.bat -Djava.security.auth.login.config=$CATALINA_HOME\conf\login.config
> >
> > Getting:
> >
> >     Oct 17, 2012 1:52:00 PM org.apache.catalina.realm.JAASRealm authenticate
> >     SEVERE: Unexpected error
> >     javax.security.auth.login.LoginException: No LoginModules configured for SQLLoginApp
> >
> > Seems it's not picking up the login.config file. I have tried every
> > possible combination to load it \, reverse /, full path, no path, login
> > under bin....
> >
> > Just can't get it to pick it up
> >
> > Any help would be appreciated.
> >
> > Regards
> > Derick
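
The symptom in this thread (login succeeds, every role check returns 403) and its fix (changing userClassNames/roleClassNames) fit a match by principal class name between what the login module puts on the Subject and what the realm is configured to look for. The following is an added example, not code from the thread or from Tomcat/TomEE: a simplified model of that match, where the stand-in principal classes, the user name and the class name example.security.OtherGroup are all hypothetical.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RealmRoleMapping {
    // Hypothetical stand-ins for the principal classes a login module puts on the Subject.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static class UserPrincipal extends Named { UserPrincipal(String n) { super(n); } }
    static class GroupPrincipal extends Named { GroupPrincipal(String n) { super(n); } }

    // Simplified model: a principal counts as a role only if its exact class name is configured.
    static Set<String> rolesFor(Subject subject, Set<String> roleClassNames) {
        Set<String> roles = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            if (roleClassNames.contains(p.getClass().getName())) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    // Debugging aid: the class names actually present, i.e. the values the realm config must list.
    static Set<String> principalClasses(Subject subject) {
        Set<String> names = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            names.add(p.getClass().getName());
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample: what a successful login leaves on the Subject.
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("derick"));
        subject.getPrincipals().add(new GroupPrincipal("manager-gui"));

        // Configured class differs from the class on the Subject: no roles are recognised.
        Set<String> mismatched = rolesFor(subject, Set.of("example.security.OtherGroup"));
        // Configured class is the one the login module actually uses.
        Set<String> matched = rolesFor(subject, Set.of(GroupPrincipal.class.getName()));

        System.out.println("principal classes on Subject: " + principalClasses(subject));
        System.out.println("mismatched config, manager-gui granted: " + mismatched.contains("manager-gui"));
        System.out.println("matched config, manager-gui granted: " + matched.contains("manager-gui"));
    }
}
```

Logging the principal class names after a successful login, as principalClasses does here, shows which values belong in userClassNames and roleClassNames.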