Posted to user@geronimo.apache.org by se...@poczta.fm on 2006/02/23 10:26:32 UTC

Geronimo Web Interceptors, WebSSO with Authentication Proxy

Hi All,

I am looking for information about Geronimo's Web Container Interceptors. I would prefer to use Jetty, but Tomcat is good as well.
I plan to integrate Geronimo with an Authentication Proxy like WebSEAL from TAM. If you look at the WAS concept, there is the TAI mechanism, which integrates an Authentication Proxy with the Application Server. Does Geronimo have something like TAI from WAS?

I think it will be good to add my own interceptor or change the standard SecurityContextBeforeAfter one. Maybe it will be enough to use my own Authenticator. What do you think about it?

Ps
I tried to use Tomcat SSO (ValveGBean) but it does not work.

This is part of plan file:
    <gbean name="SecondValve" class="org.apache.geronimo.tomcat.ValveGBean">
        <attribute name="className">my.own.SSOClass</attribute>
    </gbean>

Tomcat calls this SSOClass, but it does so before Geronimo loads the Security Policy, and when I add a Credential to the request, it throws a NullPointerException.
If someone is using this Tomcat SSO mechanism, any advice will be helpful for me.


Environment:
Linux RedHat 4 update 2
IBM JDK 1.4.8
Geronimo 1.0
Tivoli Access Manager 6
Tivoli Directory Server 6

best regards,
sebo




RE: Geronimo Web Interceptors, WebSSO with Authentication Proxy

Posted by Nicholas Irving <ni...@darkedges.com>.
Does Geronimo support JACC?

If so then perhaps we could utilize that.
This document is for WebSphere 6 which I understand is a J2EE 1.4 container
the same as Geronimo.

http://publib.boulder.ibm.com/infocenter/wsdoc400/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/csec_TAM_security.html


Looks like this subject has been approached before but from a different
angle

http://article.gmane.org/gmane.comp.java.geronimo.user/1816

This one and the same, TAM = WEBSeal = Tivoli Access Manager. Crack one and
you have it all. Surely some of the IBM guys are working on this for their
version of WebSphere Community.

Nicholas Irving
nirving@darkedges.com

-----Original Message-----
From: ammulder@gmail.com [mailto:ammulder@gmail.com] On Behalf Of Aaron
Mulder
Sent: Friday, 24 February 2006 12:58 AM
To: user@geronimo.apache.org
Subject: Re: Geronimo Web Interceptors, WebSSO with Authentication Proxy

I'd like to be able to plug third-party authentication providers like
this into Geronimo.  It's possible we can do it with a custom security
login module.  How much do you know about the WebSEAL API?  If there
was some remote call we could make, for example, to supply a username
and password and get back whether it was valid and a list of groups,
that would be pretty easy to integrate.  But I haven't heard of
WebSEAL before, so I'm not even sure if it operates on usernames and
passwords at all.

Thanks,
    Aaron

On 23 Feb 2006 10:26:32 +0100, sepima@poczta.fm <se...@poczta.fm> wrote:
> Hi All,
>
> I am looking for information about Geronimo's Web Container Interceptors. I would prefer to use Jetty, but Tomcat is good as well.
> I plan to integrate Geronimo with an Authentication Proxy like WebSEAL from TAM. If you look at the WAS concept, there is the TAI mechanism, which integrates an Authentication Proxy with the Application Server. Does Geronimo have something like TAI from WAS?
>
> I think it will be good to add my own interceptor or change the standard SecurityContextBeforeAfter one. Maybe it will be enough to use my own Authenticator. What do you think about it?
>
> Ps
> I tried to use Tomcat SSO (ValveGBean) but it does not work.
>
> This is part of plan file:
>     <gbean name="SecondValve" class="org.apache.geronimo.tomcat.ValveGBean">
>         <attribute name="className">my.own.SSOClass</attribute>
>     </gbean>
>
> Tomcat calls this SSOClass, but it does so before Geronimo loads the Security Policy, and when I add a Credential to the request, it throws a NullPointerException.
> If someone is using this Tomcat SSO mechanism, any advice will be helpful for me.
>
>
> Environment:
> Linux RedHat 4 update 2
> IBM JDK 1.4.8
> Geronimo 1.0
> Tivoli Access Manager 6
> Tivoli Directory Server 6
>
> best regards,
> sebo



Re: Geronimo Web Interceptors, WebSSO with Authentication Proxy

Posted by Aaron Mulder <am...@alumni.princeton.edu>.
I'd like to be able to plug third-party authentication providers like
this into Geronimo.  It's possible we can do it with a custom security
login module.  How much do you know about the WebSEAL API?  If there
was some remote call we could make, for example, to supply a username
and password and get back whether it was valid and a list of groups,
that would be pretty easy to integrate.  But I haven't heard of
WebSEAL before, so I'm not even sure if it operates on usernames and
passwords at all.

Thanks,
    Aaron

On 23 Feb 2006 10:26:32 +0100, sepima@poczta.fm <se...@poczta.fm> wrote:
> Hi All,
>
> I am looking for information about Geronimo's Web Container Interceptors. I would prefer to use Jetty, but Tomcat is good as well.
> I plan to integrate Geronimo with an Authentication Proxy like WebSEAL from TAM. If you look at the WAS concept, there is the TAI mechanism, which integrates an Authentication Proxy with the Application Server. Does Geronimo have something like TAI from WAS?
>
> I think it will be good to add my own interceptor or change the standard SecurityContextBeforeAfter one. Maybe it will be enough to use my own Authenticator. What do you think about it?
>
> Ps
> I tried to use Tomcat SSO (ValveGBean) but it does not work.
>
> This is part of plan file:
>     <gbean name="SecondValve" class="org.apache.geronimo.tomcat.ValveGBean">
>         <attribute name="className">my.own.SSOClass</attribute>
>     </gbean>
>
> Tomcat calls this SSOClass, but it does so before Geronimo loads the Security Policy, and when I add a Credential to the request, it throws a NullPointerException.
> If someone is using this Tomcat SSO mechanism, any advice will be helpful for me.
>
>
> Environment:
> Linux RedHat 4 update 2
> IBM JDK 1.4.8
> Geronimo 1.0
> Tivoli Access Manager 6
> Tivoli Directory Server 6
>
> best regards,
> sebo