You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2004/01/28 00:55:53 UTC
DO NOT REPLY [Bug 26477] New: -
Jetspeed JAAS Realms do not work with Tomcat 5.x
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26477>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26477
Jetspeed JAAS Realms do not work with Tomcat 5.x
Summary: Jetspeed JAAS Realms do not work with Tomcat 5.x
Product: Jetspeed
Version: 1.4
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Security
AssignedTo: jetspeed-dev@jakarta.apache.org
ReportedBy: opusbtvs@netscape.net
CC: opusbtvs@netscape.net
I have a JAAS Realm that is built on top of Jetspeed. Because jetspeed needs
to run within a servlet container and all JAASRealms must run at the server
level my JAAS Realm no longer works. To replicate define a realm in the
server.xml directory.
<Realm className="org.apache.catalina.realm.JAASRealm"
debug="99"
appName="MyServletContainer"
roleClassNames="org.apache.jetspeed.om.security.RoleNamePrincipal"
userClassNames="org.apache.jetspeed.om.security.UserNamePrincipal"/>
Add the security objects to the web application's web.xml file
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected link</web-resource-name>
<url-pattern>/MYLINK</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Next create your jaas.config file
MyServletContainer
{
com.myapp.security.ServletContainerLoginModule required;
};
Create the class and have it implement the jetspeed security object
...
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();
String pword = new String(((PasswordCallback) callbacks[1]).getPassword());
((PasswordCallback) callbacks[1]).clearPassword();
System.out.println ("trying to login:" + username
+ "/" + pword);
System.out.println("Attempting to authenticate against the Jetspeed security
services");
JetspeedSecurity.login(username, pword);
succeeded = true;
...
In order to get the class to run I had to add the jars and the class file to
the common.loader of the catalina.properties. Without this the class nor the
associated JAR files could be found (this was not the case in Tomcat 4.x)
Now when you start the server and try to access the associated realm object
you will get an error in the log that says
javax.security.auth.login.LoginException:
org.apache.turbine.services.InstantiationException: ServiceBroker: unknown
service LoggingService requested
The problem is that Jetspeed is looking for the properties to be within a
servlet container and the realm must run within the server. Even if I just
define the realm within the web application that does not solve the problem.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org