File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes JAAS modules being ignored by Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS modules being ignored by Tomcat " Watch "JAAS modules being ignored by Tomcat " New topic
Author

JAAS modules being ignored by Tomcat

Iain Emsley
Ranch Hand

Joined: Oct 11, 2007
Posts: 60
I've been trying to develop a JAAS module which I hoped would pick up a user cookie and then authenticate the user without them having to use a form but I've gone completely awry and would be grateful for some pointers in getting back on track as the Tomcat error I get back is "javax.security.auth.login.LoginException: Login Failure: all modules ignored"
Somehow, it strikes me as being really wrong

I've installed the JAAS module JAR into the server/lib in Tomcat 5.5.23, set the login.conf at tomcat/conf/ and pointed the java security towards it. I've set the following on the web.xml file:
<security-constraint>
<display-name>Bedework</display-name>
<web-resource-collection>
<web-resource-name>Bedework</web-resource-name>
<description>Resource Calendars</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>

<security-role>
<description>Administrators</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user</role-name>
</security-role>

The server.xml file also reflects the JAAS realm (although I don't think that I've set these correctly as I get the follwing error:
02-Jun-2008 14:46:11 org.apache.catalina.realm.JAASRealm parseClassNames
SEVERE: Class uk.ac.stfc.User not found! Class not added.
02-Jun-2008 14:46:11 org.apache.catalina.realm.JAASRealm parseClassNames
SEVERE: Class uk.ac.stfc.Role not found! Class not added.)

What I was trying to do was for the user to click on a link from one website and then be authenticated via the cookie not to be sent to the current form on the current url (/ucal - there is another accessible url but only for admins hence setting the url-pattern as /*). The current option for a user is to enter details into a form which is what I'm trying to bypass. Would I need to delete the forms on the current WARs or can these be left?

I would be grateful in any help to sort out this litany of errors so that I can get on with developing the login further. Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JAAS modules being ignored by Tomcat
 
Similar Threads
Tips on form-based authetication
Can authentication in tomcat rely servlet name and/or querystring?
security-constrain and security-role
Error in integrating Simple JAAS with Tomcat 5.0
Login Session Time out