You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by Mark <ma...@piggybankrupt.co.uk> on 2014/07/11 17:12:23 UTC
Using jaas
Hi,
I have a question regarding JAAS within tomee+ 1.6.0.2. Does Tomee
instantiate the LoginContext and call LoginModule.login or is the webapp
responsible for this?
I am trying to implement jaas login module, however I keep getting the error
page. I have:
-written the webform
<h:panelGroup layout="block" id="login-form">
<h:outputText value="Login:"/>
<form action="j_security_check" method="POST">
<h:outputLabel>#{bundle['login.username']}:</h:outputLabel>
<h:inputText id="j_username" size="20" />
<h:outputLabel>#{bundle['login.password']}:</h:outputLabel>
<h:inputSecret id="j_password" size="20"/>
<input type="submit" value="sumit" />
<br /><br />
<h:link value="Register" action="register"
immediate="true"/>
</form>
</h:panelGroup>
- configured a jass.config file
aLogin{
com.mark.security.jaasloginmodule.MyLogin required;
};
- configured setenv.bat
set "CATALINA_OPTS=%CATALINA_OPTS%
-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config"
- configured server.xml
<Listener className="org.apache.tomee.loader.OpenEJBListener" />
<Listener className="org.apache.tomee.catalina.ServerListener" />
<Listener className="org.apache.catalina.security.SecurityListener" />
<Realm className="org.apache.catalina.realm.JAASRealm" appName="aLogin"
userClassNames="com.mark.security.jaasloginmodule.UserPrincipal"
roleClassNames="com.mark.security.jaasloginmodule.RolesPrincipal"/>
- Setup web.xml in my webapp
- Written the LoginModule, UserPrincipal & RolePrincipal classes
Any help is appreciated.
Regards,
Mark Davis
Piggy Bankrupt
Web: <http://www.piggybankrupt.co.uk/> www.piggybankrupt.co.uk
E-mail: <ma...@piggybankrupt.co.uk> mark@piggybankrupt.co.uk
This e-mail is from Piggy Bankrupt whose principal place of business is 47
Goldfinch Close, Caldicot, Monmouthshire, NP26 5BW. Piggy Bankrupt is
registered as a data controller (Z1138594) for Data Protection purposes.
This email and any associated file contains confidential information and is
intended solely for the person(s) named. If you are not the intended
recipient, please do not read, print, store, disclose, re-distribute or act
upon any information contained. Instead, please return to the sender and
delete the message and / or files from your PC.
RE: Using jaas
Posted by Mark <ma...@piggybankrupt.co.uk>.
Ok, thanks for the quick response.
-----Original Message-----
From: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
Sent: 11 July 2014 16:17
To: users@tomee.apache.org
Subject: Re: Using jaas
Hi
easiest way is to call login on the HttpServletRequest to trigger JAAS login.
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
2014-07-11 17:12 GMT+02:00 Mark <ma...@piggybankrupt.co.uk>:
> Hi,
>
>
>
> I have a question regarding JAAS within tomee+ 1.6.0.2. Does Tomee
> instantiate the LoginContext and call LoginModule.login or is the
> webapp responsible for this?
>
>
>
> I am trying to implement jaas login module, however I keep getting the
> error page. I have:
>
>
>
>
>
> -written the webform
>
> <h:panelGroup layout="block" id="login-form">
>
> <h:outputText value="Login:"/>
>
> <form action="j_security_check" method="POST">
>
>
> <h:outputLabel>#{bundle['login.username']}:</h:outputLabel>
>
> <h:inputText id="j_username" size="20" />
>
>
> <h:outputLabel>#{bundle['login.password']}:</h:outputLabel>
>
> <h:inputSecret id="j_password" size="20"/>
>
> <input type="submit" value="sumit" />
>
> <br /><br />
>
> <h:link value="Register" action="register"
> immediate="true"/>
>
> </form>
>
>
>
> </h:panelGroup>
>
>
>
> - configured a jass.config file
>
> aLogin{
>
> com.mark.security.jaasloginmodule.MyLogin required;
>
> };
>
>
>
> - configured setenv.bat
>
> set "CATALINA_OPTS=%CATALINA_OPTS%
> -Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config"
>
>
>
> - configured server.xml
>
>
>
> <Listener className="org.apache.tomee.loader.OpenEJBListener" />
>
> <Listener className="org.apache.tomee.catalina.ServerListener" />
>
> <Listener className="org.apache.catalina.security.SecurityListener" />
>
>
>
> <Realm className="org.apache.catalina.realm.JAASRealm" appName="aLogin"
>
>
> userClassNames="com.mark.security.jaasloginmodule.UserPrincipal"
>
>
> roleClassNames="com.mark.security.jaasloginmodule.RolesPrincipal"/>
>
>
>
> - Setup web.xml in my webapp
>
> - Written the LoginModule, UserPrincipal & RolePrincipal classes
>
>
>
> Any help is appreciated.
>
>
>
> Regards,
>
>
>
>
>
> Mark Davis
>
> Piggy Bankrupt
>
>
>
> Web: <http://www.piggybankrupt.co.uk/> www.piggybankrupt.co.uk
>
> E-mail: <ma...@piggybankrupt.co.uk>
> mark@piggybankrupt.co.uk
>
>
>
> This e-mail is from Piggy Bankrupt whose principal place of business
> is 47 Goldfinch Close, Caldicot, Monmouthshire, NP26 5BW. Piggy
> Bankrupt is registered as a data controller (Z1138594) for Data Protection purposes.
>
>
>
> This email and any associated file contains confidential information
> and is intended solely for the person(s) named. If you are not the
> intended recipient, please do not read, print, store, disclose,
> re-distribute or act upon any information contained. Instead, please
> return to the sender and delete the message and / or files from your PC.
>
>
>
Re: Using jaas
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi
easiest way is to call login on the HttpServletRequest to trigger JAAS login.
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
2014-07-11 17:12 GMT+02:00 Mark <ma...@piggybankrupt.co.uk>:
> Hi,
>
>
>
> I have a question regarding JAAS within tomee+ 1.6.0.2. Does Tomee
> instantiate the LoginContext and call LoginModule.login or is the webapp
> responsible for this?
>
>
>
> I am trying to implement jaas login module, however I keep getting the error
> page. I have:
>
>
>
>
>
> -written the webform
>
> <h:panelGroup layout="block" id="login-form">
>
> <h:outputText value="Login:"/>
>
> <form action="j_security_check" method="POST">
>
> <h:outputLabel>#{bundle['login.username']}:</h:outputLabel>
>
> <h:inputText id="j_username" size="20" />
>
> <h:outputLabel>#{bundle['login.password']}:</h:outputLabel>
>
> <h:inputSecret id="j_password" size="20"/>
>
> <input type="submit" value="sumit" />
>
> <br /><br />
>
> <h:link value="Register" action="register"
> immediate="true"/>
>
> </form>
>
>
>
> </h:panelGroup>
>
>
>
> - configured a jass.config file
>
> aLogin{
>
> com.mark.security.jaasloginmodule.MyLogin required;
>
> };
>
>
>
> - configured setenv.bat
>
> set "CATALINA_OPTS=%CATALINA_OPTS%
> -Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config"
>
>
>
> - configured server.xml
>
>
>
> <Listener className="org.apache.tomee.loader.OpenEJBListener" />
>
> <Listener className="org.apache.tomee.catalina.ServerListener" />
>
> <Listener className="org.apache.catalina.security.SecurityListener" />
>
>
>
> <Realm className="org.apache.catalina.realm.JAASRealm" appName="aLogin"
>
>
> userClassNames="com.mark.security.jaasloginmodule.UserPrincipal"
>
>
> roleClassNames="com.mark.security.jaasloginmodule.RolesPrincipal"/>
>
>
>
> - Setup web.xml in my webapp
>
> - Written the LoginModule, UserPrincipal & RolePrincipal classes
>
>
>
> Any help is appreciated.
>
>
>
> Regards,
>
>
>
>
>
> Mark Davis
>
> Piggy Bankrupt
>
>
>
> Web: <http://www.piggybankrupt.co.uk/> www.piggybankrupt.co.uk
>
> E-mail: <ma...@piggybankrupt.co.uk> mark@piggybankrupt.co.uk
>
>
>
> This e-mail is from Piggy Bankrupt whose principal place of business is 47
> Goldfinch Close, Caldicot, Monmouthshire, NP26 5BW. Piggy Bankrupt is
> registered as a data controller (Z1138594) for Data Protection purposes.
>
>
>
> This email and any associated file contains confidential information and is
> intended solely for the person(s) named. If you are not the intended
> recipient, please do not read, print, store, disclose, re-distribute or act
> upon any information contained. Instead, please return to the sender and
> delete the message and / or files from your PC.
>
>
>