You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2004/01/28 00:55:53 UTC

DO NOT REPLY [Bug 26477] New: - Jetspeed JAAS Realms do not work with Tomcat 5.x

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26477>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26477

Jetspeed JAAS Realms do not work with Tomcat 5.x

           Summary: Jetspeed JAAS Realms do not work with Tomcat 5.x
           Product: Jetspeed
           Version: 1.4
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Security
        AssignedTo: jetspeed-dev@jakarta.apache.org
        ReportedBy: opusbtvs@netscape.net
                CC: opusbtvs@netscape.net


I have a JAAS Realm that is built on top of Jetspeed.  Because jetspeed needs 
to run within a servlet container and all JAASRealms must run at the server 
level my JAAS Realm no longer works.  To replicate define a realm in the 
server.xml directory.

<Realm className="org.apache.catalina.realm.JAASRealm"
       debug="99" 
       appName="MyServletContainer"
       roleClassNames="org.apache.jetspeed.om.security.RoleNamePrincipal"
       userClassNames="org.apache.jetspeed.om.security.UserNamePrincipal"/>

Add the security objects to the web application's web.xml file

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected link</web-resource-name>
    <url-pattern>/MYLINK</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  	<role-name>admin</role-name>
  </auth-constraint>
 </security-constraint>

Next create your jaas.config file
MyServletContainer
{
	com.myapp.security.ServletContainerLoginModule required;
};

Create the class and have it implement the jetspeed security object

...
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();
			
String pword = new String(((PasswordCallback) callbacks[1]).getPassword());
			((PasswordCallback) callbacks[1]).clearPassword();
			System.out.println ("trying to login:" + username 
+ "/" + pword);

System.out.println("Attempting to authenticate against the Jetspeed security 
services");
			
JetspeedSecurity.login(username, pword);
			succeeded = true;
...

In order to get the class to run I had to add the jars and the class file to 
the common.loader of the catalina.properties.  Without this the class nor the 
associated JAR files could be found (this was not the case in Tomcat 4.x)

Now when you start the server and try to access the associated realm object 
you will get an error in the log that says
javax.security.auth.login.LoginException: 
org.apache.turbine.services.InstantiationException: ServiceBroker: unknown 
service LoggingService requested

The problem is that Jetspeed is looking for the properties to be within a 
servlet container and the realm must run within the server.  Even if I just 
define the realm within the web application that does not solve the problem.

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org