----- Original Message -----

> From: Daniel Mikusa <dmik...@vmware.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Cc: 
> Sent: Wednesday, June 13, 2012 6:25 AM
> Subject: Re: Apache tomcat (7.0.27) is not loading the user and role class 
> for JAASRealm
> 
> ----- Original Message -----
>>  I am creating a website and implement security. For this I am using
>>  Form based authentication and JAASRealm. I have implemented the login
>>  module and able to authenticate but while authorizing tomcat is not
>>  able to load the user and role classes once I start the tomcat server.
>> 
>>  It gives the following error on startup (in the
>>  tomcat7-stderr.2012-06-13.log)
>>  Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
>>  SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal not found! Class not added.
>>  Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
>>  SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal not found! Class not added.
> 
> The classes mentioned above cannot be found.
> 
> 1.) What are these classes?  They are not part of Tomcat.
> 
> 2.) Have you placed the classes on the classpath somewhere?  If so, where?
> 
> Dan
> 
> 
> 
>> 
>>  I have taken help from
>>  http://blog.frankel.ch/custom-loginmodule-in-tomcat
>> 
>>  I tried even the sample one on the above website but gives the same
>>  error.
>>  Please let me know what am I missing.
>>  --
>>  Regards,
>>  Javed


WARNING
=======


The following is based on Tomcat's documentation. I have not written my own 
JAAS Realm, so your mileage may vary.

WARNING
=======

The documentation that I'm basing this on can be found here:

http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm
http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

There are a few things to note from the blog post.

The place the blog tells you to put the Realm configuration is confusing at 
best.

As mentioned in the blog post, you can place your Realm definition in the 
Engine, Host, or Context elements. Unfortunately, the notes for the context 
element are a bit misleading.

If you place your Realm definition in the Context element, it should be in one 
of two places.

1. application's META-INF/context.xml
2. CATALINA_BASE/conf/Catalina/[hostname]/appname.xml.
   [hostname] is typically localhost 
   appname.xml is the "name of your application".xml.

I suppose you could also place the Realm definition in 
CATALINA_BASE/conf/Catalina/[hostname]/context.xml.default.

Placing your classes (LoginModule and Principal) within Tomcat combined with 
the above information probably follows the logic below. Again, I've not tried 
this. I'm just reading the documentation.

1. If you define your JAASRealm in your application's context.xml

a. Place the LoginModule and Principal classes in WEB-INF/classes or 
   WEB-INF/lib of your application
b. No special attribute needs to be set

2. If you define your JAASRealm in Engine or Host (server.xml)

a. Place the LoginModule and Principal classes in CATALINA_HOME/lib as a jar 
file
b. Add the following attribute to the JAASRealm definition
   
   useContextClassLoader="true"

This tells Tomcat to use the container classloader rather than the 
application's classloader to find the classes.

An advantage of doing things the first way is that you can easily change your 
JAAS implementation and just reload the web application.

An advantage of doing things the second way is that you only have to define the 
resource once for the entire Engine or Host. However changes to the 
implementation would then require a Tomcat restart.

In any event, you'll need to indicate where your jaas.config file lives. The 
easiest way to do this is by setting a JAVA_OPTS environment variable.

1. Create a setenv.sh (or setenv.bat if you're on Windows)
2. Add the information to JAVA_OPTS. In a setenv.sh file, it would look like:

JAVA_OPTS="-Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config"
export JAVA_OPTS

Note that the examples for doing this in both the Tomcat documentation and the 
JAAS documentation have a double equals ( == ) sign for the assignment. I'm not 
sure why this is the case.

Again, this is just my reading of the documentation. Your mileage may vary.

. . . only one cent, since I've no experience
/mde/
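
Added example (not part of the original thread and not Tomcat code): a Python check that reports, for each class named in the realm's userClassNames/roleClassNames attributes, whether it sits in the web application (WEB-INF/classes, WEB-INF/lib) or in CATALINA_HOME/lib, which are the two placements described above. The org.example class names and the directory layout are constructed for the demonstration.

```python
import tempfile
import zipfile
from pathlib import Path

def find_class(class_name, webapp_dir, catalina_home):
    """Return the scopes ('container', 'webapp') in which class_name is present."""
    entry = class_name.replace(".", "/") + ".class"
    webapp, home = Path(webapp_dir), Path(catalina_home)
    found = set()
    if (webapp / "WEB-INF" / "classes" / entry).is_file():
        found.add("webapp")
    for scope, lib in (("webapp", webapp / "WEB-INF" / "lib"), ("container", home / "lib")):
        for jar in lib.glob("*.jar"):
            try:
                with zipfile.ZipFile(jar) as zf:
                    if entry in zf.namelist():
                        found.add(scope)
            except zipfile.BadZipFile:
                continue  # corrupt jar: it cannot provide the class
    return sorted(found)

def audit(class_names, webapp_dir, catalina_home):
    """Map each configured principal class name to the scopes that contain it."""
    return {name: find_class(name, webapp_dir, catalina_home) for name in class_names}

def build_constructed_layout(root):
    """Constructed sample: user principal packaged in the webapp, role principal missing."""
    webapp, home = Path(root) / "webapps" / "demo", Path(root) / "tomcat"
    (webapp / "WEB-INF" / "lib").mkdir(parents=True)
    (home / "lib").mkdir(parents=True)
    with zipfile.ZipFile(webapp / "WEB-INF" / "lib" / "demo-jaas.jar", "w") as zf:
        zf.writestr("org/example/jaas/DemoUserPrincipal.class", b"")
    (home / "lib" / "broken.jar").write_bytes(b"not a zip")
    return webapp, home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        webapp, home = build_constructed_layout(tmp)
        names = ["org.example.jaas.DemoUserPrincipal",
                 "org.example.jaas.DemoRolePrincipal"]
        for name, where in audit(names, webapp, home).items():
            print(name, "->", ", ".join(where) or "NOT FOUND (expect 'Class not added')")
```

A class reported in neither scope is one that JAASRealm would log as "not found! Class not added." at startup.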

