I'm presently waist deep in my own JAASRealm / JAAS login module /
single signon implementation myself, so I'm sorry I can't answer your
question directly at the moment. But after I'm through this, I'm
going to put together a FAQ and examples and put them up on a
website. JAAS authentication and single signon is too important for
there to be confusion surrounding it. Hopefully next week I'll be
able to do this.
Brad
On Oct 20, 2005, at 8:37 AM, Jukka Uusisalo wrote:
Carsten Schiller wrote:
Hello!
We are trying to implement a login/security environment using
Tomcat 5.5's JAASRealm and Struts as an MVC framework.
After login, which fails with error "HTTP Status 403 - Access to
the requested resource has been denied", we can navigate manually
to our output.jsp and use ...
<%= request.getUserPrincipal() %> , ...
<%= request.isUserInRole("administrator") %> ...
<logic:present role="administrator">
Admin present!
</logic:present>
These return correct username, (true) for isUserInRole, and the
logic tag also works... BUT
Our problem is: We protected *.do in our web.xml to be only
accessible by users in role "administrator", which fails as
described above. Why does the login fail, but we still get a valid
Subject with Principals, and can access the roles on the output.jsp?
We have been stuck now for over a week, reading tutorials, asking
Google, but with no success... Any ideas would be appreciated!
Hi,
I think resources that do not require authentication, like your
output.jsp, should return null from request.getUserPrincipal().
But what kind of JAAS login module do you have? Does that login module
work correctly?
- Jukka -
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]