I've been trying to develop a JAAS module which I hoped would pick up a user cookie and then authenticate the user without them having to use a form but I've gone completely awry and would be grateful for some pointers in getting back on track as the Tomcat error I get back is "javax.security.auth.login.LoginException: Login Failure: all modules ignored" Somehow, it strikes me as being really wrong
I've installed the JAAS module JAR into the server/lib in Tomcat 5.5.23, set the login.conf at tomcat/conf/ and pointed the java security towards it. I've set the following on the web.xml file: <security-constraint> <display-name>Bedework</display-name> <web-resource-collection> <web-resource-name>Bedework</web-resource-name> <description>Resource Calendars</description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description/> <role-name>*</role-name> </auth-constraint> </security-constraint>
The server.xml file also reflects the JAAS realm (although I don't think that I've set these correctly as I get the follwing error: 02-Jun-2008 14:46:11 org.apache.catalina.realm.JAASRealm parseClassNames SEVERE: Class uk.ac.stfc.User not found! Class not added. 02-Jun-2008 14:46:11 org.apache.catalina.realm.JAASRealm parseClassNames SEVERE: Class uk.ac.stfc.Role not found! Class not added.)
What I was trying to do was for the user to click on a link from one website and then be authenticated via the cookie not to be sent to the current form on the current url (/ucal - there is another accessible url but only for admins hence setting the url-pattern as /*). The current option for a user is to enter details into a form which is what I'm trying to bypass. Would I need to delete the forms on the current WARs or can these be left?
I would be grateful in any help to sort out this litany of errors so that I can get on with developing the login further. Thanks.