Shahab- 

I am hardly an expert, but I have just created a custom principal. Here
is what I learned. The RealmBase class is responsible for creating
principals for the context. Normally, this is just a Principal class.
Since I extended Principal, I also needed to extend BaseRealm. The realm
class must be placed in server/classes. I put the custom principal class
in common/classes so my application can see it as well. No other special
coding was required; I simply had to configure security and define my
realm class to the context.

Extending BaseRealm is not complicated, but I suspect extending
JAASRealm might be. I hope this helps... 

Thanks, Steve
 
-----Original Message-----
From: shahab [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 06, 2007 10:21 PM
To: users@tomcat.apache.org
Subject: how to set role for JAASRealm


Hi: 
I am trying to implement authentication and authorization using
JAASRealm.
(I am following the instructions provided at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html). However,
it looks like the role that I set (in the RolePrincipal) is not taking
effect.


I have created a class extending Principal for the role. I am setting
the right name of the role (which I fetch from DB) and add the class to
Subject as follows -

LoginContext lc = null;

try {
    lc = new LoginContext("TMSLogin",
            new AuthCallBackHandler(username, password));
} catch (LoginException le) {
    ......
}

try {
    lc.login();
} catch (LoginException le) {
    ....
}

// now I am trying to set the rolePrincipal

Subject mySubject = lc.getSubject();

TMSRoles tmsRoles = new TMSRoles(role);
mySubject.getPrincipals().add(tmsRoles);

I have also made entries in server.xml as follows (I set debug to 0
hoping for more debug info; TMSLogin is defined in jaas.config in
Tomcat's conf directory) -

<Realm className="org.apache.catalina.realm.JAASRealm"
       appName="TMSLogin"
       userClassNames="tms.core.authentication.TMSPrincipal"
       roleClassNames="tms.core.authentication.TMSRoles"
       debug="0"/>

My entry in web.xml is the following -

<security-constraint>
    <display-name>AdminConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>TMSAdmin</web-resource-name>
        <description>Only for administrators</description>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <description>ADMIN</description>
    <role-name>ADMIN</role-name>
</security-role>

The getName() of the TMSRoles instance returns "ADMIN", which should
allow the URL /admin/*.

However, I am still getting HTTP 403. 

Please help. 

thanx
Shahab
--
View this message in context:
http://www.nabble.com/how-to-set-role-for-JAASRealm-tf3359888.html#a9346104
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
