Re: JAAS with JSPWiki

["samala_family@yahoo.com" <sa...@yahoo.com>]

Hello,

I am having a simlar issue.....were you able to find a solution.

Thanks


new2Jaas wrote:
> 
> Hello,
> I have been trying to implement JAAS login with JSPWiki on Tomcat. We are
> using JSPWiki 2.6.2 with Tomcat5.5
> We have an existing web application (mainApp) that does not use JAAS.
> However, we would like to use JSPWiki as a portal with a single-sign-on
> feature -
> meaning when the user logs into our mainApp the user clicks on a link to
> JSPWiki application. At this point, we would like to automatically
> authenticate
> the user with appropriate roles and permissions and log him into JSPWiki.
> 
> To acheive this, I have done the following but doesn't seem to work:
> 
> 1. Tomcat server.xml:
>  a. I've added a <Context> tag for JSPWiki application and <Context> tag
> for
> mainApp with crossContext=true in both.
>  b. Added a <Realm> entry as such:
>         <Realm
> className="org.apache.catalina.realm.JAASRealm"
>                             appName="JSPWiki-custom"
> 
> userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile"
>                  roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role"
>                       debug="99"/>
>  c. Enabled SingleSignOn by adding the <Valve> tag within the <Host> tag
> as
> such:
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
> 
> 2. Placed my login module (JAASLoginModule's) jar file JAASLoginLM.jar in
> %TOMCAT_HOME%/common/lib folder.
>    In the JAASLoginModule itself I am using HttpRequestCallback just like
> the SiteMinderLoginModule example:
> http://www.jspwiki.org/wiki/Security2.3WishList
> 
> 3. I added the entries for the login module in jspwiki.policy towards the
> end as such:
> 
> // grant LoginModule permissions
> grant codebase "file:${catalina.home}/common/lib/JaasLoginLM.jar" {
>     permission javax.security.auth.AuthPermission "modifyPrincipals";
> };
> grant codebase "file:${catalina.home}/common/lib/JaasLoginAzn.jar" {
> 
>    permission javax.security.auth.AuthPermission
> "createLoginContext.jaaslogin";
>    permission javax.security.auth.AuthPermission "doAsPrivileged";
> };
> 
> 4. In jspwiki.properties file I enabled JAAS as such:
> jspwiki.security = jaas
> 
> 5. On tomcat startup I specify the policy file and jaas file settings as
> such:
> -Djava.security.auth.login.config==C:\Program Files\Apache Software
> Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.jaas
> -Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat
> 5.5\webapps\JSPWiki\WEB-INF\jspwiki.policy
> 
> 6. Disabled container managed authentication in
> <TOMCAT_HOME>/webapps/web.xml by commenting the <security-constraint>
> section and
> in jspwiki.properties set jspwiki.userdatabase.isSharedWithContainer =
> false
> 
>  Now, I restart the server and launch the mainApp and login. After logging
> in, I click on the link to JSPWiki
> (http://<hostname:port>/JSPWiki/Wiki.jsp)
> -
> which takes me to the main page as an "Anonymous" user.
> 
> I dont see JAAS being used. The logs do not show any debug messages from
> my
> JAASLoginModule. Instead it says -
> "Checking JAAS configuration...JAAS already configured by some other
> application (leaving it alone...)"
> 
> My security configuration verifier (SecurityConfig.jsp) says that it found
> jspwiki.jaas. It doesn't show any errors - except that it says
> "We found some errors with your configuration: Policy file does not have a
> keystore... at least not one that we can locate."
> Do I need jspwiki.jks file and an entry in policy file - keystore
> jspwiki.jks? - Currently I DO NOT have the keystore file.
> 
> Do I need to programmatically create the LoginContext and call the login()
> method in the JSP?
> My understanding was that all that would happen automatically in the
> background.
> I am sure I'm missing something.
> 
> 
> Your help is greatly appreciated!
> Thanks.
> 
> 

-- 
View this message in context: http://www.nabble.com/JAAS-with-JSPWiki-tp18096654p20213540.html
Sent from the JspWiki - User mailing list archive at Nabble.com.