You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rene Paulokat <re...@so36.net> on 2004/09/22 15:19:06 UTC
too many JAAS...
hi again,
fiddled araound with JAASRealm in tomcat 5.0.28
but still did not succeed.
so i`ll ask a few simple questions:
(which actually seemed already answered to me while reading tons of
faq/documentation - but it still does not work)
is it possible to authenticate users via servlet, when the actual page
does not include action-url 'j_security_check'
e.g. <form action="myservlet.do" method="POST">
i need to do so, because 'MyCallbackHandler' needs more specific data
if so, is it fuerthermore possible to do smthng like:
LoginContext ctx = new LoginContext("logonDef", new MyCallbackHandler(user,pass,object));
ctx.login();
if so, why do i have loads of problems when i try to retrieve
MyCallbackHandler in my custom LoginModule when simple doin:
public class MyLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler handler;
private Map sharedState;
private Map options;
private Logger logger;
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState,Map options) {
this.subject = subject;
this.handler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
this.logger = Logger.getLogger(MyLoginModule.class);
}
pubic boolean login() {
MyCallbackHandler myhandler = (MyCallbackHandler) this.handler;
// do something with it..
// but here the ClassCastException shows up ...
}
...
}
thanks in advance..
insanely
rene
--
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294 8BEB 16B3 15BD 8FC7 8254
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: too many JAAS...
Posted by Rene Paulokat <re...@so36.net>.
On Wed, Sep 22, 2004 at 03:47:08PM +0200, Michiel Toneman wrote:
> You can have a look at
> http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
>
> It contains a "known-good" approach so it may be of some use to you.
hi michiel,
yes, i found that already, but i thought this is not *very* different
from my approach:
in this example 'SecurityFilter' does the same thing like my
Login-servlet:
creates new LoginContext - passes over the CallBackhandler - here
'HttpAuthCallBackhandler' and finally calls login-method of loginModule.
additionally it puts 'Subject' into user's Session, to be reused when
needed. fine thing.
i think i am missing some more basic thing - cause of my beloved
ClassCastException, when my loginModule starts to act...
or - is it the only way to accomplish the task with that kind of
'SecurityFilter' - which in the example acts upon every request?
thanks for your hint, i'am gonna implement it test-wise...
greetings
rene
--
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294 8BEB 16B3 15BD 8FC7 8254
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: too many JAAS...
Posted by Michiel Toneman <Mi...@bibit.com>.
Hi Rene,
You can have a look at
http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
It contains a "known-good" approach so it may be of some use to you.
Michiel
Rene Paulokat wrote:
>hi again,
>fiddled araound with JAASRealm in tomcat 5.0.28
>but still did not succeed.
>
>so i`ll ask a few simple questions:
>(which actually seemed already answered to me while reading tons of
>faq/documentation - but it still does not work)
>
>is it possible to authenticate users via servlet, when the actual page
>does not include action-url 'j_security_check'
>e.g. <form action="myservlet.do" method="POST">
>
>i need to do so, because 'MyCallbackHandler' needs more specific data
>
>if so, is it fuerthermore possible to do smthng like:
>
> LoginContext ctx = new LoginContext("logonDef", new MyCallbackHandler(user,pass,object));
> ctx.login();
>
>if so, why do i have loads of problems when i try to retrieve
>MyCallbackHandler in my custom LoginModule when simple doin:
>
>public class MyLoginModule implements LoginModule {
>
> private Subject subject;
> private CallbackHandler handler;
> private Map sharedState;
> private Map options;
> private Logger logger;
>
> public void initialize(Subject subject, CallbackHandler callbackHandler,
> Map sharedState,Map options) {
>
> this.subject = subject;
> this.handler = callbackHandler;
> this.sharedState = sharedState;
> this.options = options;
> this.logger = Logger.getLogger(MyLoginModule.class);
> }
>
> pubic boolean login() {
> MyCallbackHandler myhandler = (MyCallbackHandler) this.handler;
> // do something with it..
> // but here the ClassCastException shows up ...
>
> }
>...
>}
>
>
>thanks in advance..
>
>insanely
>rene
>
>
>
>
--
Michiel Toneman Software Engineer Bibit Global Payment Services
Regulierenring 10 3981 LB Bunnik Michiel.Toneman@bibit.com
Tel. +31-30-6595168 Fax +31-30-6564464 http://www.bibit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org