Posted to users@tomcat.apache.org by Rene Paulokat <re...@so36.net> on 2004/09/22 15:19:06 UTC

too many JAAS...

hi again,
fiddled around with JAASRealm in tomcat 5.0.28
but still did not succeed.

so i'll ask a few simple questions:
(which actually seemed already answered to me while reading tons of
faq/documentation - but it still does not work)

is it possible to authenticate users via servlet, when the actual page
does not include action-url 'j_security_check'
e.g. <form action="myservlet.do" method="POST">

i need to do so, because 'MyCallbackHandler' needs more specific data

if so, is it furthermore possible to do something like:
 
 LoginContext ctx = new LoginContext("logonDef", new MyCallbackHandler(user,pass,object));
 ctx.login();

if so, why do i have loads of problems when i try to retrieve
MyCallbackHandler in my custom LoginModule when simply doing:

public  class MyLoginModule implements LoginModule {

 private Subject subject;
 private CallbackHandler handler;
 private Map sharedState;
 private Map options;
 private Logger logger;

 public void initialize(Subject subject, CallbackHandler callbackHandler,
	Map sharedState,Map options) {
		
	this.subject = subject;
	this.handler = callbackHandler;
	this.sharedState = sharedState;
	this.options = options;
	this.logger = Logger.getLogger(MyLoginModule.class);
 }

 public boolean login() {
 	MyCallbackHandler myhandler = (MyCallbackHandler) this.handler;
	// do something with it..
	// but here the ClassCastException shows up ...
	
 }
...
}


thanks in advance..

insanely
rene

 
-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
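
Added example (not code from this thread): a LoginModule should pull its data through `Callback` objects rather than casting the handler, because the JDK's `LoginContext` passes modules a wrapper around the application's handler, not the original object. `ExtraDataCallback`, `ServletCallbackHandler` and `CallbackLoginModule` are hypothetical names, and `verify` is a fail-closed placeholder for the real credential check.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical callback carrying the extra, servlet-specific data.
class ExtraDataCallback implements Callback {
    private Object data;
    public void setData(Object d) { data = d; }
    public Object getData() { return data; }
}

// Hypothetical handler the servlet builds: new ServletCallbackHandler(user, pass, object).
class ServletCallbackHandler implements CallbackHandler {
    private final String user; private final char[] pass; private final Object extra;
    ServletCallbackHandler(String user, char[] pass, Object extra) {
        this.user = user; this.pass = pass; this.extra = extra;
    }
    public void handle(Callback[] cbs) throws UnsupportedCallbackException {
        for (Callback cb : cbs) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass);
            else if (cb instanceof ExtraDataCallback) ((ExtraDataCallback) cb).setData(extra);
            else throw new UnsupportedCallbackException(cb);
        }
    }
}

public class CallbackLoginModule implements LoginModule {
    private CallbackHandler handler;
    private boolean ok;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        this.handler = h; // may be a wrapper object: never cast it to the application's class
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        ExtraDataCallback extra = new ExtraDataCallback();
        try { handler.handle(new Callback[] { name, pw, extra }); }
        catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        ok = verify(name.getName(), pw.getPassword(), extra.getData());
        pw.clearPassword(); // wipe the copy held inside the callback
        if (!ok) throw new FailedLoginException("login rejected");
        return true;
    }
    // Placeholder (assumption): fails closed until overridden with the real check.
    protected boolean verify(String user, char[] pass, Object extra) { return false; }
    public boolean commit() { return ok; } // a real module adds Principals to the Subject here
    public boolean abort() { ok = false; return true; }
    public boolean logout() { ok = false; return true; }
}
```

The callback class has to come from one class loader visible to both the servlet and the login module, otherwise the `instanceof` test in the handler fails the same way the cast did.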


Re: too many JAAS...

Posted by Rene Paulokat <re...@so36.net>.
On Wed, Sep 22, 2004 at 03:47:08PM +0200, Michiel Toneman wrote:

> You can have a look at 
> http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
> 
> It contains a "known-good" approach so it may be of some use to you.

hi michiel,
yes, i found that already, but i thought this is not *very* different
from my approach:

in this example 'SecurityFilter' does the same thing as my
Login-servlet:

creates new LoginContext - passes over the CallBackhandler - here
'HttpAuthCallBackhandler' and finally calls login-method of loginModule.

additionally it puts 'Subject' into user's Session, to be reused when
needed. fine thing.

i think i am missing some more basic thing - cause of my beloved
ClassCastException, when my loginModule starts to act...

or - is it the only way to accomplish the task with that kind of
'SecurityFilter' - which in the example acts upon every request?

thanks for your hint, i'm gonna implement it test-wise...

greetings
rene


-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254



Re: too many JAAS...

Posted by Michiel Toneman <Mi...@bibit.com>.

Hi Rene,

You can have a look at 
http://www.kopz.org/public/documents/tomcat/jaasintomcat.html

It contains a "known-good" approach so it may be of some use to you.

Michiel



-- 
Michiel Toneman  Software Engineer   Bibit Global Payment Services
Regulierenring 10  3981 LB  Bunnik       Michiel.Toneman@bibit.com
Tel. +31-30-6595168  Fax +31-30-6564464      http://www.bibit.com/

