Hi:
I am trying to implement authentication and authorization using JAASRealm.
(I am following the instructions provided at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html). However, it looks
like the role that I set (in the RolePrincipal) is not taking effect.
I have created a class extending Principal for the role. I am setting the
right name of the role (which I fetch from the DB) and add it to the Subject
as follows:
    LoginContext lc = null;
    try {
        lc = new LoginContext("TMSLogin",
                new AuthCallBackHandler(username, password));
    } catch (LoginException le) {
        ......
    }
    try {
        lc.login();
    } catch (LoginException le) {
        ....
    }
    // now I am trying to set the rolePrincipal
    Subject mySubject = lc.getSubject();
    TMSRoles tmsRoles = new TMSRoles(role);
    mySubject.getPrincipals().add(tmsRoles);
I have also made entries in server.xml as follows (I set debug to 0 hoping
for more debug info; TMSLogin is defined in jaas.config in Tomcat's conf
directory):
    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="TMSLogin"
           userClassNames="tms.core.authentication.TMSPrincipal"
           roleClassNames="tms.core.authentication.TMSRoles"
           debug="0"/>
My entry in web.xml is the following:
    <security-constraint>
        <display-name>AdminConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>TMSAdmin</web-resource-name>
            <description>Only for administrators</description>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>ADMIN</description>
        <role-name>ADMIN</role-name>
    </security-role>
The getName() of the TMSRoles instance returns "ADMIN", which should allow
access to the URL /admin/*.
However, I am still getting HTTP 403.
Please help.
Thanks,
Shahab
--
View this message in context:
http://www.nabble.com/how-to-set-role-for-JAASRealm-tf3359888.html#a9346104
Sent from the Tomcat - User mailing list archive at Nabble.com.
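Added example (not code from the post above or from Tomcat): a JAAS LoginModule that puts the user principal and the role principals onto the Subject inside commit(), which is the Subject that Tomcat's JAASRealm inspects after it has run LoginContext.login() itself for the appName configured in server.xml. The class names TMSPrincipal and TMSRoles are taken from the post; their bodies, the TMSLoginModule class, and the in-memory user table that stands in for the database lookup are assumptions made for this example. The main() method registers the module programmatically so the flow can be checked outside Tomcat.

```java
// Added example, not from the original post. TMSPrincipal/TMSRoles names come
// from the post; everything else here (module name, user table) is assumed.
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// JAASRealm matches Subject principals against userClassNames/roleClassNames
// by class name and uses getName() as the user name or the role name.
class TMSPrincipal implements Principal {
    private final String name;
    TMSPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public boolean equals(Object o) { return o instanceof TMSPrincipal && name.equals(((TMSPrincipal) o).name); }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "TMSPrincipal:" + name; }
}

class TMSRoles implements Principal {
    private final String name;
    TMSRoles(String name) { this.name = name; }
    public String getName() { return name; }   // must equal the <role-name> in web.xml, e.g. "ADMIN"
    @Override public boolean equals(Object o) { return o instanceof TMSRoles && name.equals(((TMSRoles) o).name); }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "TMSRoles:" + name; }
}

public class TMSLoginModule implements LoginModule {
    // Constructed stand-in for the DB lookup: user -> {password, role, role...}.
    // A real module would compare against a salted password hash, not plaintext.
    private static final Map<String, String[]> USERS = new HashMap<String, String[]>();
    static {
        USERS.put("alice", new String[] {"s3cret", "ADMIN"});
        USERS.put("bob",   new String[] {"hunter2", "USER"});
    }

    private Subject subject;
    private CallbackHandler handler;
    private String user;
    private List<String> roles = Collections.emptyList();
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {nc, pc});
        } catch (Exception e) {
            throw new LoginException("callback failed: " + e);
        }
        char[] pw = pc.getPassword();
        pc.clearPassword();
        String[] rec = USERS.get(nc.getName());
        // One failure path for unknown user and wrong password, so the
        // response does not reveal which user names exist.
        if (rec == null || pw == null || !Arrays.equals(rec[0].toCharArray(), pw)) {
            throw new FailedLoginException("invalid credentials");
        }
        user = nc.getName();
        roles = Arrays.asList(rec).subList(1, rec.length);
        succeeded = true;
        return true;
    }

    // commit() is the stage at which the principals belong on the Subject;
    // JAASRealm reads the Subject only once LoginContext.login() has returned.
    public boolean commit() {
        if (!succeeded) return false;
        subject.getPrincipals().add(new TMSPrincipal(user));
        for (String r : roles) subject.getPrincipals().add(new TMSRoles(r));
        return true;
    }

    public boolean abort() { succeeded = false; user = null; roles = Collections.emptyList(); return true; }

    public boolean logout() {
        subject.getPrincipals().removeIf(p -> p instanceof TMSPrincipal || p instanceof TMSRoles);
        return true;
    }

    // Stand-alone check outside Tomcat: register the module under "TMSLogin"
    // programmatically (the realm would read this from jaas.config instead).
    public static void main(String[] args) throws LoginException {
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        TMSLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap()) };
            }
        });
        LoginContext lc = new LoginContext("TMSLogin", callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("alice");
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("s3cret".toCharArray());
            }
        });
        lc.login();
        System.out.println(lc.getSubject().getPrincipals());  // TMSPrincipal:alice and TMSRoles:ADMIN
    }
}
```

With container-managed security the web application never constructs a LoginContext itself: JAASRealm does that using the appName from server.xml, runs the configured LoginModules, and then reads the Subject's principals. A role principal added to a Subject that the realm never sees has no effect on the <auth-constraint> check. The matching jaas.config entry, assuming the module class above, would be `TMSLogin { tms.core.authentication.TMSLoginModule required; };`, and the principal classes must be on a classpath visible to the realm.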