Posted to user@geronimo.apache.org by sreepriya ramakrishnan <sr...@yahoo.com> on 2006/09/20 16:52:05 UTC

Help with JAAS and Geronimo

Hi,

I am having problems understanding how Geronimo and
JAAS work together.

If I want to use a ServletFilter to access a Geronimo
deployed custom Login Module, how will I do that and
how will the configuration in Geronimo be? Should I
use Security realms?

Your help will be greatly appreciated. I have been
stuck with this for quite some time now and was
wondering if you can help me.

Thanks,
Priya



Re: Help with JAAS and Geronimo

Posted by sreepriya ramakrishnan <sr...@yahoo.com>.
The JAAS login module should connect to LDAP and
collect the User's details like lastname, phone number,
fax number, and other details, and this should be made
available to the application. Also, in cases of errors
or exceptions in JAAS authentication, the User should
be forwarded to a Login JSP page. So I was thinking
that if I am able to call a module in the
ServletFilter, then I should be able to forward the
User to other pages when needed and also put the user
details in session, as a Servlet Filter has access to
HttpServletRequest.

Please let me know how to achieve this in Geronimo and
what is the concept of realms here.

Thanks,
Priya

--- Aaron Mulder <am...@alumni.princeton.edu> wrote:

> What's the "collecting user details" part of this?
>
> For example, if you use J2EE security and HTTP Basic authentication,
> you can have the user's username and password (provided by HTTP Basic
> auth) resolved against a JAAS LoginModule (configured as a Geronimo
> security realm) and no servlet filter is necessary.  That will let the
> application access the current user's username, and check whether
> they're in any particular J2EE security role to make finer-grained
> authorization decisions.
>
> It would not, however, let you look up the user's address and phone
> number, even if that was somehow stuffed into the Subject by the JAAS
> LoginModule.
>
> How well does this fit what you're trying to do?
>
> Thanks,
>     Aaron

Re: Help with JAAS and Geronimo

Posted by Aaron Mulder <am...@alumni.princeton.edu>.
What's the "collecting user details" part of this?

For example, if you use J2EE security and HTTP Basic authentication,
you can have the user's username and password (provided by HTTP Basic
auth) resolved against a JAAS LoginModule (configured as a Geronimo
security realm) and no servlet filter is necessary.  That will let the
application access the current user's username, and check whether
they're in any particular J2EE security role to make finer-grained
authorization decisions.

It would not, however, let you look up the user's address and phone
number, even if that was somehow stuffed into the Subject by the JAAS
LoginModule.

How well does this fit what you're trying to do?

Thanks,
    Aaron

On 9/20/06, sreepriya ramakrishnan <sr...@yahoo.com> wrote:
> Hi,
>
> These are the requirements:
>
> The application should use HTTP Basic authentication
> with JAAS for authenticating the user and collecting user
> details.
>
> In all examples related to JAAS, I see that they use a
> Servlet Filter which uses a LoginContext to invoke the
> JAAS LoginModule and then they populate the User
> Details in the Subject. They then use the same
> LoginContext to retrieve the User details from the
> Subject.
> Doing it this way will enable me to populate the
> user details in session so that it is available to the
> application.
>
> I am not sure how to achieve this with Geronimo.
>
> Thanks,
> Priya

Re: Help with JAAS and Geronimo

Posted by sreepriya ramakrishnan <sr...@yahoo.com>.
Hi,

These are the requirements:

The application should use HTTP Basic authentication
with JAAS for authenticating the user and collecting user
details.

In all examples related to JAAS, I see that they use a
Servlet Filter which uses a LoginContext to invoke the
JAAS LoginModule and then they populate the User
Details in the Subject. They then use the same
LoginContext to retrieve the User details from the
Subject.
Doing it this way will enable me to populate the
user details in session so that it is available to the
application.

I am not sure how to achieve this with Geronimo.

Thanks,
Priya

--- Aaron Mulder <am...@alumni.princeton.edu> wrote:

> Can you say a little more about what you're trying to do?  For
> example, why are you accessing JAAS via a Servlet Filter instead of
> just using J2EE security?  It is possible for you to access Geronimo
> security features from a filter but the best way may depend on what
> you're trying to accomplish.
>
> Thanks,
>       Aaron
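
The flow this message describes (a caller using a LoginContext to invoke a LoginModule, which puts user details into the Subject, and the caller then reading them back), as an added example that is not part of the original thread. It uses only the JDK's javax.security.auth API; the class names, the in-memory DIRECTORY standing in for LDAP and the sample account are constructed for illustration, and nothing in it is Geronimo-specific.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasUserDetailsDemo {   // Java 16+; every name in this file is hypothetical
    record Detail(String key, String value) implements Principal { public String getName() { return key + "=" + value; } }
    // Constructed stand-in for the LDAP directory: user -> {password, lastname, phone}.
    static final Map<String, String[]> DIRECTORY = Map.of("priya", new String[] {"s3cret", "Ramakrishnan", "555-0100"});
    public static class DirectoryLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String[] entry;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> opt) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pw = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {name, pw}); } catch (Exception e) { throw new LoginException(e.toString()); }
            entry = name.getName() == null ? null : DIRECTORY.get(name.getName());
            if (entry == null || !Arrays.equals(entry[0].toCharArray(), pw.getPassword()))
                throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() {   // details reach the Subject only once login has succeeded
            subject.getPrincipals().addAll(List.of(new Detail("lastname", entry[1]), new Detail("phone", entry[2])));
            return true;
        }
        public boolean abort() { entry = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    static Set<Detail> authenticate(String user, char[] password) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
                return new AppConfigurationEntry[] {new AppConfigurationEntry(DirectoryLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of())};
            }
        };
        LoginContext ctx = new LoginContext("demo", null, cb -> {   // callback order matches login() above
            ((NameCallback) cb[0]).setName(user);
            ((PasswordCallback) cb[1]).setPassword(password);
        }, cfg);
        ctx.login();   // a LoginException here is where a filter would forward to the login page
        return ctx.getSubject().getPrincipals(Detail.class);   // what a filter could copy into the session
    }
    public static void main(String[] args) throws Exception {
        System.out.println(authenticate("priya", "s3cret".toCharArray()));
        try { authenticate("priya", "wrong".toCharArray()); } catch (LoginException e) { System.out.println("rejected: forward to login page"); }
    }
}
```

The details are readable here only because the caller created the LoginContext and therefore holds the resulting Subject.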

Re: Help with JAAS and Geronimo

Posted by Aaron Mulder <am...@alumni.princeton.edu>.
Can you say a little more about what you're trying to do?  For
example, why are you accessing JAAS via a Servlet Filter instead of
just using J2EE security?  It is possible for you to access Geronimo
security features from a filter but the best way may depend on what
you're trying to accomplish.

Thanks,
      Aaron

On 9/20/06, sreepriya ramakrishnan <sr...@yahoo.com> wrote:
> Hi,
>
> I am having problems understanding how Geronimo and
> JAAS work together.
>
> If I want to use a ServletFilter to access a Geronimo
> deployed custom Login Module, how will I do that and
> how will the configuration in Geronimo be? Should I
> use Security realms?
>
> Your help will be greatly appreciated. I have been
> stuck with this for quite some time now and was
> wondering if you can help me.
>
>  Thanks,
>  Priya