And now it clicks.... sorry, been coding for 18 hours; I struggled to spell module just now.
Thanks Romain, appreciate the patience.

-----Original Message-----
From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
Sent: Wednesday, October 17, 2012 5:06 PM
To: users@openejb.apache.org
Subject: Re: TomEE and Jaas SQLLoginModule

You need to configure the login module in server.xml, then simply use the Servlet 3 API to log your user in and out (a web filter (the Filter class of the servlet API) around your REST services is the easiest). Then you should be able to use the security.

*Romain Manni-Bucau*
*Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
*Blog: http://rmannibucau.wordpress.com/*
*LinkedIn: http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*

2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>

> Well, at least I can say with a lot of certainty... no, I'm not.
>
> Sorry for the ignorance here, but I'm really struggling to tie all the
> info together and appreciate the help.
>
> At present I'm not loading any servlets or filters via web.xml. My
> services are annotated as below and get picked up automagically by the
> container.
>
> To use the new SQLLoginModule realm, do I:
> 1. need to declare the normal realm-based security in web.xml
>    (login-config and security-role)?
> 2. What is this filter you are alluding to?
> 3. Is the @RolesAllowed({"admin"}) on the REST service
>    correct/necessary?
> 4. Anything else that I might be missing?
>
> I need to send you a beer/cake/hug for this :)
>
> Thanks
> Derick
>
> -----Original Message-----
> From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> Sent: Wednesday, October 17, 2012 4:52 PM
> To: users@openejb.apache.org
> Subject: Re: TomEE and Jaas SQLLoginModule
>
> Maybe I read too quickly (that's really possible ;)) but did you call
> request.login() in a filter around the REST service?
>
> 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
>
> > Thanks Romain.... once again.
> >
> > So the combo for SQLLoginModule is
> >
> > <Realm className="org.apache.catalina.realm.JAASRealm"
> >        appName="SQLLoginApp"
> >        userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
> >        roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
> > </Realm>
> >
> > This works now :) yay.
> >
> > Last issue on my side, I presume this might be related to the
> > isCallerInRole issue; I'll test this now quickly with the latest snapshot.
> >
> > I'm trying to authorize the user on a REST service
> >
> > @Path("/locations")
> > @Singleton
> > @Lock(LockType.WRITE)
> > @RolesAllowed({"admin"})
> > public class LocationService {
> >     ....
> > }
> >
> > If I read everything correctly (and man, I read a lot) the security should
> > be used from Tomcat's side.
> > Is there something else I need to configure to get the above working, or
> > am I off track (suggestions welcome, new to REST security), or could this
> > be related to the isCallerInRole issue?
> >
> > Thanks
> > Derick
> >
> > -----Original Message-----
> > From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> > Sent: Wednesday, October 17, 2012 4:03 PM
> > To: users@openejb.apache.org
> > Subject: Re: TomEE and Jaas SQLLoginModule
> >
> > Hmm,
> >
> > we had isCallerInRole broken, not sure it is linked. If you can give it a
> > try on the snapshot it could save us some time :).
> >
> > BTW personally I used:
> >
> > <Realm className="org.apache.catalina.realm.JAASRealm"
> >        appName="PropertiesLoginModule"
> >        userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
> >        roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
> > </Realm>
> >
> > 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
> >
> > > Got to the next point :(
> > >
> > > I can see the module is now being loaded and the SQL is correct (broke
> > > the SQL to verify exceptions) but I can't seem to get the roles to work.
> > > I even 'hard coded' the SQL to return the correct role manager-gui but I
> > > still get "403 Access Denied".
> > >
> > > So authentication works but authorization seems to fail. I have checked
> > > my code and confirmed the process works as expected. The only place I'm
> > > not sure of is the below:
> > >
> > > <Realm className="org.apache.catalina.realm.JAASRealm"
> > >        appName="SQLLoginApp"
> > >        userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> > >        roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> > > </Realm>
> > >
> > > I'm not sure about the userClassNames & roleClassNames classes. I copied
> > > this from the PropertiesLoginApp examples for JAAS on the site.
> > >
> > > Anyone else with experience here?
> > > At this point I'm feeling the container is doing some magic I'm not
> > > aware of, as everything else looks fine.
> > >
> > > Thanks for the help
> > >
> > > Regards
> > > Derick
> > >
> > > -----Original Message-----
> > > From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
> > > Sent: Wednesday, October 17, 2012 2:01 PM
> > > To: users@openejb.apache.org
> > > Subject: Re: TomEE and Jaas SQLLoginModule
> > >
> > > Hi,
> > >
> > > Did you try set CATALINA_OPTS="c:/complete/path/login.conf" before
> > > startup.sh?
> > >
> > > 2012/10/17 Potgieter, Derick D <derick.potgie...@standardbank.co.za>
> > >
> > > > Hi Guys,
> > > >
> > > > I'm really struggling to implement the SQLLoginModule for JAAS-based
> > > > authentication in TomEE REST.
> > > >
> > > > I have followed the guide on http://tomee.apache.org/tomee-jaas.html
> > > > replacing it with the below.
> > > >
> > > > server.xml:
> > > > <Realm className="org.apache.catalina.realm.LockOutRealm">
> > > >   <Realm className="org.apache.catalina.realm.JAASRealm"
> > > >          appName="SQLLoginApp"
> > > >          userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> > > >          roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> > > >   </Realm>
> > > > </Realm>
> > > >
> > > > conf/login.config:
> > > > SQLLoginApp {
> > > >     org.apache.openejb.core.security.jaas.SQLLoginModule required
> > > >     dataSourceName="jdbc/db"
> > > >     userSelect="select ..... "
> > > >     groupSelect="select ..... "
> > > > };
> > > >
> > > > And starting TomEE with the following:
> > > > startup.bat
> > > > -Djava.security.auth.login.config=$CATALINA_HOME\conf\login.config
> > > >
> > > > Getting:
> > > > Oct 17, 2012 1:52:00 PM org.apache.catalina.realm.JAASRealm authenticate
> > > > SEVERE: Unexpected error
> > > > javax.security.auth.login.LoginException: No LoginModules configured for
> > > > SQLLoginApp
> > > >
> > > > Seems it's not picking up the login.config file. I have tried every
> > > > possible combination to load it: \, reverse /, full path, no path, login
> > > > under bin....
> > > >
> > > > Just can't get it to pick it up.
> > > >
> > > > Any help would be appreciated.
> > > >
> > > > Regards
> > > > Derick
> > > >
> > > > Standard Bank email disclaimer and confidentiality note
> > > > Please go to
> > > > http://www.standardbank.co.za/site/homepage/emaildisclaimer.html to read
> > > > our email disclaimer and confidentiality note. Kindly email
> > > > disclai...@standardbank.co.za (no content or subject line necessary) if
> > > > you cannot view that page and we will email our email disclaimer and
> > > > confidentiality note to you.