JAAS and Tomcat container managed authentication

Sven Anderson
Ranch Hand

Joined: Apr 14, 2004
Posts: 58
Hi,

I'm currently looking into using JAAS for authentication of J2EE webapps. I've got a couple of questions I haven't been able to answer while I've been setting up a test environment on Tomcat 5.5.

1. I've successfully built a jsp page that uses the j_username and j_password fields which submit to j_security_check. I've got a class implementing LoginModule which successfully gets the username from NameCallback and password from PasswordCallback handlers. I've now modified my code implementing custom handlers for username and password. The html form is now submitting login details to a servlet which does the following:


The problem I have is that it doesn't seem that Tomcat knows that I've been authenticated (lc.login() returns a Subject with correct user and role) and doesn't allow me to access protected pages that have been specified inside the <security-constraint> tag in web.xml. Also request.getRemoteUser() gives me null. It seems that I'm bypassing Tomcat's authentication when I implement a LoginContext in my servlet. Everything works fine when I use the html form that posts directly to j_security_check. I'm not sure what's wrong or if I even can do it this way.

Many Thanks
E
 