You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Stefan Baramov <St...@trx.com> on 2006/02/02 00:26:00 UTC
JAAS and Realms configuration
Is it possible to confiugrat a LoginModule (according to JAAS
guidelines) which will apply different authorization strategies
according to the application requesting the JAAS service.
My initial thoughts were around configuring two separeta JAAS Realms in
this way:
conf/server.xml
....
<Realm
appName="FooLoginModule"
className="org.apache.catalina.realm.JAASRealm"
roleClassNames="test.jaas.web.TrxRolePrincipal"
userClassNames="test.jaas.web.TrxUserPrincipal"/>
<Realm
appName="BarLoginModule"
className="org.apache.catalina.realm.JAASRealm"
roleClassNames="test.jaas.web.TrxRolePrincipal"
userClassNames="test.jaas.web.TrxUserPrincipal"/>
...
Then, the JAAS configuration file will look like this:
conf/jaas.config
FooLoginModule {
test.jaas.web.TrxLoginModule required debug=true app=Foo;
};
BarLoginModule {
test.jaas.web.TrxLoginModule required debug=true app=Bar;
};
The web.xml for both application should be able to specify which Realm
should be used:
webapps/Foo/WEB-INF/web.xml
...
<login-config>
<auth-method>FORM</auth-method>
<realm-name>FooLoginModule</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
....
webapps/Bar/WEB-INF/web.xml
....
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BarLoginModule</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
....
Using the <realm-name/> tag I was hoping to link the login configuration
for each application to a particular JAAS Realm. However this is not
happening. Both application will use the second JAAS Realm and it seems
that <realm-name> tag is completely ignored.
Finally, I have to say I tried this configuration on Tomcat 5.5.9 and
5.0.30 with no success. What am I missing? Is there another tag in the
web.xml that will connect me to the right JAAS Realm ?
Stefan Baramov
Software Developer
TRX
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JAAS and Realms configuration
Posted by Mark Thomas <ma...@apache.org>.
Stefan Baramov wrote:
> Using the <realm-name/> tag I was hoping to link the login configuration
> for each application to a particular JAAS Realm. However this is not
> happening. Both application will use the second JAAS Realm and it seems
> that <realm-name> tag is completely ignored.
>
> Finally, I have to say I tried this configuration on Tomcat 5.5.9 and
> 5.0.30 with no success. What am I missing? Is there another tag in the
> web.xml that will connect me to the right JAAS Realm ?
The linkage is done within the context rather than web.xml. Nest your
Realm inside your Context and you should be good to go. AFAIK the
names in web.xml are only used to identify the realm to the user and
in DIGEST auth.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org