wood burning stoves*
The moose likes Java in General and the fly likes Problem of JAAS  with JDK version Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Problem of JAAS  with JDK version" Watch "Problem of JAAS  with JDK version" New topic
Author

Problem of JAAS with JDK version

shankha bhattacharya
Greenhorn

Joined: Apr 20, 2007
Posts: 12
Hi,

I am facing a problem for JAAS implementation with Java(TM) 2 SDK, Standard Edition Version 1.4.1 and tagish.jar.
I took help form http://www.mooreds.com/jaas.htmland also from http://free.tagish.net/jaas/doc.html.

----------------------------------------------------------------------------

I used JAAS with the above mentioned configurations for UserId/password Authorization and Authentication of my application.

----------------------------------------------------------------------------
Here also I use tagish.login file for the class I use for JAAS

Entry in the tagish.login file

FileLogin
{
com.tagish.auth.DBLogin required debug=true contextPath="D:/Tomcat 4.1/webapps/pharma";
};

----------------------------------------------------------------------------
Also insert the following value for login configuration and Policy in the java.security file

login.config.url.1=file:${java.home}/lib/security/tagish.login
policy.url.1=file:${java.home}/lib/security/epedigree.policy

---------------------------------------------------------------------------
In the epedigree.policy file is look like -

grant Principal * * {

permission com.xor.auth.perm.URLPermission "/pages/Home.jsp";
..
..
..
};

grant Principal com.tagish.auth.TypedPrincipal "PR001" {


permission com.xor.auth.perm.URLPermission "/pharma/Welcome.do";
permission com.xor.auth.perm.URLPermission "/pharma/AdminAction.do";
--
--
--

};
--------------------------------------------------------------------------
epedigree.policy,java.security,tagish.login files are placed inside jre\lib\security folder.

----------------------------------------------------------------------------

@@@@ All these configurations are made taking help from the above mentioned link @@@@

----------------------------------------------------------------------------
Basically in my application I use my ActionServlet instead of
org.apache.struts.action.ActionServlet.

public class ActionServlet extends org.apache.struts.action.ActionServlet

In this class I give the permission for my logging Page to all users and for rest of the requestd page I check the permission.

Entry of the requested pages are mentioned in the struts config file.

code :

Subject subject = ((Subject)(request.getSession().getAttribute("subject_key")));

if (subject == null && (! request.getRequestURI().equals(loginPage)))
{
// redirect to login page
response.sendRedirect(request.getContextPath()+"/pages/right.jsp");
}
else if (subject == null && request.getRequestURI().equals(loginPage))
{
// login page is always permitted
super.process(request,response);

} else {


if ( ! AuthUtils.permitted(subject, perm) ) {

// subject is not permitted; redirect to error page

System.err.println("@@@@ ------------ ActionServlet : : Flag1 : Not Permitted " );

String theURL = request.getContextPath()+"/pages/right.jsp?"+ "pagePerm=no";
theURL = response.encodeRedirectURL(theURL);
response.sendRedirect(theURL);

} else {

System.err.println("@@@@ ------------ ActionServlet : : Flag2 : Permitted ");
super.process(request,response);
}
}


AuthUtils class available in the tagish.jar.
---------------------------------------------------------------------------

Now where the problem starts.

---------------------------------------------------------------------------
In one of my page when I submit the page I set a form variable in the corrosponding js file.

But I am not getting that value in the requested Action class .
---------------------------------------------------------------------------
function onClickAddTransRecv()
{
window.alert("saving TransRecvFormBean");
document.TransRecvInfoForm.actionType.value = "addTransRecvSubmit";
document.TransRecvInfoForm.submit();
window.alert("TransRecvInfoForm submited");
window.close();
}

In the requested action class

String sAction = (String) request.getParameter("actionType");

The value of sAction is NULL instead of "addTransRecvSubmit" .

---------------------------------------------------------------------------
But if I use JDK1.5.0_04 or Java1.5x I am not facing that problem.
I am geting the appropriate value of sAction.
---------------------------------------------------------------------------

Please help.

[ April 20, 2007: Message edited by: shankha bhattacharya ]
[ April 20, 2007: Message edited by: shankha bhattacharya ]
Joanne Neal
Rancher

Joined: Aug 05, 2005
Posts: 3429
    
  12
I don't know the answer to your question, but I do know you are more likely to get help if you edit your post and put all the code into code tags to make it more readable.


Joanne
 
 
subject: Problem of JAAS with JDK version
 
Similar Threads
JAAS authorization on WAS 7.0
java web start security
JAAS1.0 sample Error
getting the URI response page in struts actio servlet
JAAS programatically