JAAS and Realms configuration

Wed, 01 Feb 2006 15:24:38 -0800 

Is it possible to confiugrat a LoginModule (according to JAAS
guidelines) which will apply different authorization strategies
according to the application requesting the JAAS service.

My initial thoughts were around configuring two separeta JAAS Realms in
this way: 

conf/server.xml
....
<Realm 
        appName="FooLoginModule" 
        className="org.apache.catalina.realm.JAASRealm" 
        roleClassNames="test.jaas.web.TrxRolePrincipal" 
        userClassNames="test.jaas.web.TrxUserPrincipal"/>

<Realm 
        appName="BarLoginModule" 
        className="org.apache.catalina.realm.JAASRealm" 
        roleClassNames="test.jaas.web.TrxRolePrincipal" 
        userClassNames="test.jaas.web.TrxUserPrincipal"/>
...

Then, the JAAS configuration file will look like this: 

conf/jaas.config

FooLoginModule {
   test.jaas.web.TrxLoginModule required debug=true app=Foo;
};

BarLoginModule {
   test.jaas.web.TrxLoginModule required debug=true app=Bar;
};


The web.xml for both application should be able to specify which Realm
should be used: 

webapps/Foo/WEB-INF/web.xml
...
        <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>FooLoginModule</realm-name>
                <form-login-config>
                        <form-login-page>/login.jsp</form-login-page>
                        <form-error-page>/error.jsp</form-error-page>
                </form-login-config>
        </login-config>
....

webapps/Bar/WEB-INF/web.xml
....
        <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>BarLoginModule</realm-name>
                <form-login-config>
                        <form-login-page>/login.jsp</form-login-page>
                        <form-error-page>/error.jsp</form-error-page>
                </form-login-config>
        </login-config>
....

Using the <realm-name/> tag I was hoping to link the login configuration
for each application to a particular JAAS Realm. However this is not
happening. Both application will use the second JAAS Realm and it seems
that <realm-name> tag is completely ignored. 

Finally, I have to say I tried this configuration on Tomcat 5.5.9 and
5.0.30 with no success. What am I missing? Is there another tag in the
web.xml that will connect me to the right JAAS Realm ?


Stefan Baramov 
Software Developer 
TRX 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to