This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Security and the fly likes Error in integrating Simple JAAS with Tomcat 5.0 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Error in integrating Simple JAAS with Tomcat 5.0" Watch "Error in integrating Simple JAAS with Tomcat 5.0" New topic
Author

Error in integrating Simple JAAS with Tomcat 5.0

avaya sahu
Greenhorn

Joined: Oct 16, 2001
Posts: 14
I am working on security module with the following requirement.
1. Authentication should happen once using basic authentication.

2. Any subsequent request should go through the process but should not do the actual authentication rather should check the data from session.

can some provide me sample class and configuration detail to integrate simple LoginModule. At this point I don't have any Autherization requirement, all modules are accessible to all authenticated user. Authentication criteria: user name should same as password.


I have tried it by reading some document. I am able to complete the authentication part I belive but authorization is not working.
Below are the files and steps that I have performed.

web.xml Change
============
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Your Realm</realm-name>
</login-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>


jaas config:
=========
DemoSP {
HttpLoginModule required debug=true;
};

server.xml
==========

<Realm className="org.apache.catalina.realm.JAASRealm"
appName="DemoSP"
userClassNames="SamplePrincipal"
roleClassNames="SampleGroupPrincipal"
useContextClassLoader="true"
debug="99"/>


HttpLoginModule.java
===============
public class HttpLoginModule implements LoginModule {
public boolean login() throws LoginException {
String username = null;
String password = null;
try {
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();
password = new String(((PasswordCallback) callbacks[1]).getPassword());
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.toString());
}
userPrincipal = new SamplePrincipal(username);
return true;
}
public boolean commit() throws LoginException {
return true;
}
//default implementation for others
}

JDK argument :
===========
-Djava.security.auth.login.config==jaas.config

Thanks
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Error in integrating Simple JAAS with Tomcat 5.0