I have an application that runs on Tomcat that by default uses a
JDBCRealm to query a database for authentication. I would like to use
Kerberos for the user password authentication but still use my JDBCRealm
for access control through roles. I was hoping you could point me in the
right direction. I am running on Solaris 9, Java 1.5.0_10 with Tomcat
5.5.17.
 
I really appreciate any help you could give me!!!
 
Here is my Tomcat config:
 
server.xml (snippet) - 
 
      <Realm className="org.apache.catalina.realm.JAASRealm"
                 appName="Tomcat"
                 userClassNames="javax.security.auth.kerberos.KerberosPrincipal"
                 roleClassNames="javax.security.auth.kerberos.KerberosPrincipal"
                 useContextClassLoader="true"
                 debug="99"/>
 
      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="in.co.daffodil.db.rmi.RmiDaffodilDBDriver"
          connectionURL="jdbc:daffodilDB://localhost:3456/ovaa;"
         connectionName="DAFFODIL" connectionPassword="daff0d1l"
           AllRolesMode="strict"
              userTable="users" userNameCol="username" userCredCol="password"
          userRoleTable="users_roles" roleNameCol="rolename" />

 
jaas.conf - 
 
Tomcat {
  com.sun.security.auth.module.Krb5LoginModule required;
};

 
web.xml (snippet) -
 
  <security-constraint>
    <display-name>Tomcat Server Configuration Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.js</url-pattern>
      <url-pattern>*.html</url-pattern>
      <url-pattern>*.pieConfig</url-pattern>
      <url-pattern>*.pieData</url-pattern>
      <url-pattern>*.gridData</url-pattern>
      <url-pattern>*.xls</url-pattern>
      <url-pattern>*.excel</url-pattern>
      <url-pattern>*.tre</url-pattern>
      <url-pattern>*.tem</url-pattern>
      <url-pattern>*.nc</url-pattern>
      <url-pattern>*.menu</url-pattern>
      <url-pattern>*.ext</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat_auth_role</role-name>
    </auth-constraint>
  </security-constraint>
 
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ovaa-tomcat</realm-name>
    <form-login-config>
      <form-login-page>/jsp/rootLogin.jsp</form-login-page>
      <form-error-page>/jsp/rootLogin.jsp?error=1</form-error-page>
    </form-login-config>
  </login-config>
 
  <security-role>
    <description>The role that is required to log into Advanced Access</description>
    <role-name>tomcat_auth_role</role-name>
  </security-role>

 
Cheers
Joe
