Hi,

First of all, are you sure a JDBCRealm or a DataSourceRealm does not fill your needs?

Secondly, AFAIK when providing a Jaas module to the JaasRealm you just need to provide the authentication method (LoginModule interface). You don't have to manipulate the loginContext, it is the JaasRealm's job ...

If you really need to use Jaas:

1: Write your own LoginModule (implementing java.security.auth.spi.LoginModule)
2: Write a jaas.conf description file (must be declared with -Djava.security.auth.config .... )
3: The appName (TMSLogin) must reference a valid config in the jaas.conf
4: Configure the context / web.xml file

Hih

On 3/7/07, shahab <[EMAIL PROTECTED]> wrote:
Hi:

I am trying to implement authentication and authorization using JAASRealm. (I am following the instruction provided at - http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html). However, looks like the role that I set (in the RolePrincipal) is not taking effect. I have created a class extending Principal for the role. I am setting the right name of the role (which I fetch from DB) and add the class to Subject as follows -

    LoginContext lc = null;
    try {
        lc = new LoginContext("TMSLogin", new AuthCallBackHandler(username, password));
    } catch (LoginException le) {
        ......
    }
    try {
        lc.login();
    } catch (LoginException le) {
        ....
    }
    // now I am trying to set the rolePrincipal
    Subject mySubject = lc.getSubject();
    TMSRoles tmsRoles = new TMSRoles(role);
    mySubject.getPrincipals().add(tmsRoles);

I have also made entries in server.xml as follows (I set debug to 0 hoping for more debug info, TMSLogin is defined in jaas.config in tomcat's conf directory) -

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="TMSLogin"
           userClassNames="tms.core.authentication.TMSPrincipal"
           roleClassNames="tms.core.authentication.TMSRoles"
           debug="0"/>

My entry in web.xml is the following -

    <security-constraint>
        <display-name>AdminConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>TMSAdmin</web-resource-name>
            <description>Only for administrators</description>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>ADMIN</description>
        <role-name>ADMIN</role-name>
    </security-role>

The getName() of the TMSRoles instance returns "ADMIN", which should allow url /admin/*. However, I am still getting HTTP 403. Please help.
thanx
Shahab
--
"Remember that at the moment of your birth everyone was filled with joy and you were in tears. Live so that at the moment of your death, everyone is in tears and you are filled with joy."