You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Emsley, I (Iain)" <I....@rl.ac.uk> on 2008/06/03 17:58:43 UTC
JAAS modules being ignored by Tomcat
Hello,
I've just deployed a JAAS module onto Tomcat 5.5.23 into the server/lib
file to read a cookie and authenticate via that method for the url:
localhost:8080/ucal. However one of the applications that I'm trying to
log into currently has form-based authentication set in its web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/docs/login/login.html</form-login-page>
<form-error-page>/docs/login/error.html</form-error-page>
</form-login-config>
</login-config>
This is causes an error in which the entire JAAS module is bypassed and
so the resource remains locked up.
I've commented this out and restarted Tomcat but if I click on the above
link, I still get the form which I'm trying to bypass. I've set the
following contraints in the tomcat/conf/web.xml:
<security-constraint>
<display-name>Bedework</display-name>
<web-resource-collection>
<web-resource-name>Bedework</web-resource-name>
<description>Resource Calendars</description>
<url-pattern>/ucal/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Administrators</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user</role-name>
</security-role>
I'd be grateful for any help or advice in getting my login module to
work correctly.
MTIA,
Iain
Iain Emsley