Jaas + Tomcat 6 + Multiple modules

Filip Nelis
Greenhorn

Joined: Mar 23, 2009
Posts: 10
Hi all,

How do you define in tomcat multiple custom LoginModules?

By this I mean:
You have, f.i., a jaas.conf file like this one:


How do you specify in the context.xml those different modules?

You can't add multiple appNames...
What's the right way to do this kind of configuration?

Thanks in advance,

Filip


Scjp 1.6 certified
SCWCD 5 certified
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959
    
  19

Tomcat implements J2EE standard container-based security, and that standard has very strict requirements. Specifically, 2 and only 2 parameters are supported as part of an authentication (login) request, and while security professionals have their own terminology, the rest of us call these parameters "userid" and "password".

It makes for a very simple unconfusing user interaction, since the user doesn't end up in situations where privileges assigned in one login mode or context aren't available because the user logged in using another context and because there's never any doubt of which context the user is operating under when problems arise.

I'm not sure if this has any bearing on what you're asking, since I'm not sure what the "multiple modules" thing is supposed to be about, but I figured I should mention it, since some people do ask questions like that.

Incidentally, I think that quite a few people have gotten the idea that J2EE container authorization is JAAS. It isn't. JAAS is just one of the many authentication mechanisms that are supported under the façade of J2EE Container-Managed Authentication and Authorization for Tomcat.

Looking at the question from another direction, Tomcat 6 has an Aggregating Realm that allows multiple Realms to manage user accounts. It's especially useful for situations such as public/internal webapps, where in-house user accounts are defined in LDAP/Active Directory and public user accounts are defined in a database. You can also use this to combine several JAAS Realms, if that's of any help.

JAAS itself is much more fine-grained than J2EE container-managed security, and I'm not as well-versed in it as I would like, since I haven't needed the extra power lately.


Customer surveys are for companies who didn't pay proper attention to begin with.
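
The aggregating-realm approach from the reply above, as an added example that is not part of the original thread: Tomcat's `CombinedRealm` wrapping two `JAASRealm` entries, each with its own `appName`. The `appName` values, the `com.example.auth.*` class names and the login-module names are hypothetical placeholders.

```xml
<!-- context.xml (added example; appName values and com.example.* classes are hypothetical) -->
<Context>
  <!-- CombinedRealm tries each nested Realm in the order listed;
       a user is authenticated as soon as ANY one of them accepts the credentials. -->
  <Realm className="org.apache.catalina.realm.CombinedRealm">

    <!-- In-house accounts: appName must match an entry name in the JAAS login configuration -->
    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="InternalLogin"
           userClassNames="com.example.auth.UserPrincipal"
           roleClassNames="com.example.auth.RolePrincipal"/>

    <!-- Public accounts: a second JAAS entry with its own LoginModule -->
    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="PublicLogin"
           userClassNames="com.example.auth.UserPrincipal"
           roleClassNames="com.example.auth.RolePrincipal"/>
  </Realm>
</Context>

<!-- Matching JAAS login configuration, loaded by starting Tomcat with
     -Djava.security.auth.login.config=<path to jaas.conf>:

     InternalLogin {
         com.example.auth.LdapLoginModule required;
     };

     PublicLogin {
         com.example.auth.DbLoginModule required;
     };
-->
```

Because acceptance by either nested realm is enough, the combined login is only as strong as the weakest module, so give the two user populations distinct role names if they should not share access.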
 