You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by Piercarlo Alberto Beghetto - Diennea <pi...@diennea.com> on 2015/02/06 10:27:12 UTC
JAAS roles propagation in TomEE
Hello,
i'm on a JAAS authentication realm for a web application on TomEE.
I think I miss a thing in the login process.
I developed my custom LoginModule, configured it and seems work well.
When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
I try
- HttpServletRequest.getRemoteUser()
- HttpServletRequest.isUserInRole()
- @RolesAllowed("someroles")
But in any way I have no trace of the logged user
Here are my configurations:
In context:
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="custom-login"
userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group"/>
login.config (in TomEE conf folder):
custom-login {
custom.login.module.package.Module required;
};
The custom.login.module.package.Module by spec implements LoginModule, and the principals I set on commit() operation are
- org.apache.openejb.core.security.AbstractSecurityService$User
- org.apache.openejb.core.security.AbstractSecurityService$Group
Referenced by:
-Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
Am I missing something? Any advice?
Piercarlo Alberto Beghetto
Developer @ Diennea - MagNews
Tel.: (+39) 0546 066100 - Int. 967
Viale G.Marconi 30/14 - 48018 Faenza (RA)
[http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
[http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
________________________________
Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
R: JAAS roles propagation in TomEE
Posted by Piercarlo Alberto Beghetto - Diennea <pi...@diennea.com>.
Thank you.
I did avoid that part of configuration. Coming from glassfish with same authentication model that part was not necessary.
The role check for the resources was implemented via annotations.
Anyway I try configure properly web.xml.
Piercarlo Alberto Beghetto
Analyst Developer @ Diennea - MagNews
Tel.: (+39) 0546 066100 - Int. 967
Viale G.Marconi 30/14 - 48018 Faenza (RA)
-----Messaggio originale-----
Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
Inviato: venerdì 6 febbraio 2015 18:07
A: users@tomee.apache.org
Oggetto: Re: JAAS roles propagation in TomEE
Hello
just checked quickly browsing sources but seems you didnt define any constraints in web.xml so login is then "request scoped" only (ie the form authenticator doesn't cache the principal)
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 17:17 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Here is the sample project.
>
> https://github.com/piercarlobeghetto/jaas-test
>
> thanks
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 15:02
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> easiest is generally to share a maven project on github or any public
> source code platform
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
>> When done, I'll share that.
>>
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>>
>>
>>
>>
>> -----Messaggio originale-----
>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Inviato: venerdì 6 febbraio 2015 11:14
>> A: users@tomee.apache.org
>> Oggetto: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <pi...@diennea.com>:
>>> I tried.
>>>
>>> I started with two classes, RolePrincipal and UserPrincipal
>>> implementing simply java.security.Principal
>>>
>>> And with conf
>>>
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>> appName="custom-login"
>>> userClassNames="custom.login.module.package.UserPrincipal "
>>> roleClassNames="custom.login.module.package.RolePrincipal
>>> "/>
>>>
>>> but it run in the same way.
>>> Looking in some examples I found that alternative solution, was a try.
>>>
>>>
>>>
>>>
>>> Piercarlo Alberto Beghetto
>>> Developer @ Diennea - MagNews
>>> Tel.: (+39) 0546 066100 - Int. 967
>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>
>>>
>>>
>>>
>>>
>>> -----Messaggio originale-----
>>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>>> Inviato: venerdì 6 febbraio 2015 10:42
>>> A: users@tomee.apache.org
>>> Oggetto: Re: JAAS roles propagation in TomEE
>>>
>>> Hi
>>>
>>> did you extend
>>> org.apache.openejb.core.security.AbstractSecurityService$User
>>> and org.apache.openejb.core.security.AbstractSecurityService$Group
>>> in your realm? that's the config you did but it is uncommon to do it
>>> AFAIK
>>>
>>>
>>> Romain Manni-Bucau
>>> @rmannibucau
>>> http://www.tomitribe.com
>>> http://rmannibucau.wordpress.com
>>> https://github.com/rmannibucau
>>>
>>>
>>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>>> <pi...@diennea.com>:
>>>> Hello,
>>>>
>>>> i'm on a JAAS authentication realm for a web application on TomEE.
>>>>
>>>> I think I miss a thing in the login process.
>>>>
>>>> I developed my custom LoginModule, configured it and seems work well.
>>>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>>>
>>>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>>>
>>>> I try
>>>>
>>>> - HttpServletRequest.getRemoteUser()
>>>>
>>>> - HttpServletRequest.isUserInRole()
>>>>
>>>> - @RolesAllowed("someroles")
>>>> But in any way I have no trace of the logged user
>>>>
>>>>
>>>> Here are my configurations:
>>>>
>>>> In context:
>>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>>> appName="custom-login"
>>>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>>
>>>> roleClassNames="org.apache.openejb.core.security.AbstractSecuritySe
>>>> r
>>>> v
>>>> i
>>>> ce$Group"/>
>>>>
>>>>
>>>> login.config (in TomEE conf folder):
>>>> custom-login {
>>>> custom.login.module.package.Module required; };
>>>>
>>>>
>>>> The custom.login.module.package.Module by spec implements
>>>> LoginModule, and the principals I set on commit() operation are
>>>>
>>>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>>>
>>>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>>>
>>>>
>>>> Referenced by:
>>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>>
>>>>
>>>> Am I missing something? Any advice?
>>>>
>>>>
>>>> Piercarlo Alberto Beghetto
>>>> Developer @ Diennea - MagNews
>>>> Tel.: (+39) 0546 066100 - Int. 967
>>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>>
>>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>>>
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>>> ed email marketing! http://www.magnews.it/newsletter/
>>>
>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>> ed email marketing! http://www.magnews.it/newsletter/
>>
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>> ed email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
> email marketing! http://www.magnews.it/newsletter/
Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
Re: JAAS roles propagation in TomEE
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hello
just checked quickly browsing sources but seems you didnt define any
constraints in web.xml so login is then "request scoped" only (ie the
form authenticator doesn't cache the principal)
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 17:17 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Here is the sample project.
>
> https://github.com/piercarlobeghetto/jaas-test
>
> thanks
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 15:02
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> easiest is generally to share a maven project on github or any public source code platform
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
>> When done, I'll share that.
>>
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>>
>>
>>
>>
>> -----Messaggio originale-----
>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Inviato: venerdì 6 febbraio 2015 11:14
>> A: users@tomee.apache.org
>> Oggetto: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <pi...@diennea.com>:
>>> I tried.
>>>
>>> I started with two classes, RolePrincipal and UserPrincipal
>>> implementing simply java.security.Principal
>>>
>>> And with conf
>>>
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>> appName="custom-login"
>>> userClassNames="custom.login.module.package.UserPrincipal "
>>> roleClassNames="custom.login.module.package.RolePrincipal
>>> "/>
>>>
>>> but it run in the same way.
>>> Looking in some examples I found that alternative solution, was a try.
>>>
>>>
>>>
>>>
>>> Piercarlo Alberto Beghetto
>>> Developer @ Diennea - MagNews
>>> Tel.: (+39) 0546 066100 - Int. 967
>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>
>>>
>>>
>>>
>>>
>>> -----Messaggio originale-----
>>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>>> Inviato: venerdì 6 febbraio 2015 10:42
>>> A: users@tomee.apache.org
>>> Oggetto: Re: JAAS roles propagation in TomEE
>>>
>>> Hi
>>>
>>> did you extend
>>> org.apache.openejb.core.security.AbstractSecurityService$User
>>> and org.apache.openejb.core.security.AbstractSecurityService$Group in
>>> your realm? that's the config you did but it is uncommon to do it
>>> AFAIK
>>>
>>>
>>> Romain Manni-Bucau
>>> @rmannibucau
>>> http://www.tomitribe.com
>>> http://rmannibucau.wordpress.com
>>> https://github.com/rmannibucau
>>>
>>>
>>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>>> <pi...@diennea.com>:
>>>> Hello,
>>>>
>>>> i'm on a JAAS authentication realm for a web application on TomEE.
>>>>
>>>> I think I miss a thing in the login process.
>>>>
>>>> I developed my custom LoginModule, configured it and seems work well.
>>>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>>>
>>>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>>>
>>>> I try
>>>>
>>>> - HttpServletRequest.getRemoteUser()
>>>>
>>>> - HttpServletRequest.isUserInRole()
>>>>
>>>> - @RolesAllowed("someroles")
>>>> But in any way I have no trace of the logged user
>>>>
>>>>
>>>> Here are my configurations:
>>>>
>>>> In context:
>>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>>> appName="custom-login"
>>>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>>
>>>> roleClassNames="org.apache.openejb.core.security.AbstractSecuritySer
>>>> v
>>>> i
>>>> ce$Group"/>
>>>>
>>>>
>>>> login.config (in TomEE conf folder):
>>>> custom-login {
>>>> custom.login.module.package.Module required; };
>>>>
>>>>
>>>> The custom.login.module.package.Module by spec implements
>>>> LoginModule, and the principals I set on commit() operation are
>>>>
>>>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>>>
>>>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>>>
>>>>
>>>> Referenced by:
>>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>>
>>>>
>>>> Am I missing something? Any advice?
>>>>
>>>>
>>>> Piercarlo Alberto Beghetto
>>>> Developer @ Diennea - MagNews
>>>> Tel.: (+39) 0546 066100 - Int. 967
>>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>>
>>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>>>
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>>> ed email marketing! http://www.magnews.it/newsletter/
>>>
>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>> ed email marketing! http://www.magnews.it/newsletter/
>>
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
>> email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
R: JAAS roles propagation in TomEE
Posted by Piercarlo Alberto Beghetto - Diennea <pi...@diennea.com>.
Here is the sample project.
https://github.com/piercarlobeghetto/jaas-test
thanks
Piercarlo Alberto Beghetto
Developer @ Diennea - MagNews
Tel.: (+39) 0546 066100 - Int. 967
Viale G.Marconi 30/14 - 48018 Faenza (RA)
-----Messaggio originale-----
Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
Inviato: venerdì 6 febbraio 2015 15:02
A: users@tomee.apache.org
Oggetto: Re: JAAS roles propagation in TomEE
easiest is generally to share a maven project on github or any public source code platform
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
> When done, I'll share that.
>
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 11:14
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> Hi
>
> can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> I tried.
>>
>> I started with two classes, RolePrincipal and UserPrincipal
>> implementing simply java.security.Principal
>>
>> And with conf
>>
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>> appName="custom-login"
>> userClassNames="custom.login.module.package.UserPrincipal "
>> roleClassNames="custom.login.module.package.RolePrincipal
>> "/>
>>
>> but it run in the same way.
>> Looking in some examples I found that alternative solution, was a try.
>>
>>
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>>
>>
>>
>>
>> -----Messaggio originale-----
>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Inviato: venerdì 6 febbraio 2015 10:42
>> A: users@tomee.apache.org
>> Oggetto: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> did you extend
>> org.apache.openejb.core.security.AbstractSecurityService$User
>> and org.apache.openejb.core.security.AbstractSecurityService$Group in
>> your realm? that's the config you did but it is uncommon to do it
>> AFAIK
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <pi...@diennea.com>:
>>> Hello,
>>>
>>> i'm on a JAAS authentication realm for a web application on TomEE.
>>>
>>> I think I miss a thing in the login process.
>>>
>>> I developed my custom LoginModule, configured it and seems work well.
>>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>>
>>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>>
>>> I try
>>>
>>> - HttpServletRequest.getRemoteUser()
>>>
>>> - HttpServletRequest.isUserInRole()
>>>
>>> - @RolesAllowed("someroles")
>>> But in any way I have no trace of the logged user
>>>
>>>
>>> Here are my configurations:
>>>
>>> In context:
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>> appName="custom-login"
>>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>
>>> roleClassNames="org.apache.openejb.core.security.AbstractSecuritySer
>>> v
>>> i
>>> ce$Group"/>
>>>
>>>
>>> login.config (in TomEE conf folder):
>>> custom-login {
>>> custom.login.module.package.Module required; };
>>>
>>>
>>> The custom.login.module.package.Module by spec implements
>>> LoginModule, and the principals I set on commit() operation are
>>>
>>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>>
>>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>>
>>>
>>> Referenced by:
>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>
>>>
>>> Am I missing something? Any advice?
>>>
>>>
>>> Piercarlo Alberto Beghetto
>>> Developer @ Diennea - MagNews
>>> Tel.: (+39) 0546 066100 - Int. 967
>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>
>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>> ed email marketing! http://www.magnews.it/newsletter/
>>
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>> ed email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
> email marketing! http://www.magnews.it/newsletter/
Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
Re: JAAS roles propagation in TomEE
Posted by Romain Manni-Bucau <rm...@gmail.com>.
easiest is generally to share a maven project on github or any public
source code platform
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
> When done, I'll share that.
>
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 11:14
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> Hi
>
> can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> I tried.
>>
>> I started with two classes, RolePrincipal and UserPrincipal
>> implementing simply java.security.Principal
>>
>> And with conf
>>
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>> appName="custom-login"
>> userClassNames="custom.login.module.package.UserPrincipal "
>> roleClassNames="custom.login.module.package.RolePrincipal
>> "/>
>>
>> but it run in the same way.
>> Looking in some examples I found that alternative solution, was a try.
>>
>>
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>>
>>
>>
>>
>> -----Messaggio originale-----
>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Inviato: venerdì 6 febbraio 2015 10:42
>> A: users@tomee.apache.org
>> Oggetto: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> did you extend
>> org.apache.openejb.core.security.AbstractSecurityService$User
>> and org.apache.openejb.core.security.AbstractSecurityService$Group in
>> your realm? that's the config you did but it is uncommon to do it
>> AFAIK
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <pi...@diennea.com>:
>>> Hello,
>>>
>>> i'm on a JAAS authentication realm for a web application on TomEE.
>>>
>>> I think I miss a thing in the login process.
>>>
>>> I developed my custom LoginModule, configured it and seems work well.
>>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>>
>>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>>
>>> I try
>>>
>>> - HttpServletRequest.getRemoteUser()
>>>
>>> - HttpServletRequest.isUserInRole()
>>>
>>> - @RolesAllowed("someroles")
>>> But in any way I have no trace of the logged user
>>>
>>>
>>> Here are my configurations:
>>>
>>> In context:
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>> appName="custom-login"
>>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>
>>> roleClassNames="org.apache.openejb.core.security.AbstractSecurityServ
>>> i
>>> ce$Group"/>
>>>
>>>
>>> login.config (in TomEE conf folder):
>>> custom-login {
>>> custom.login.module.package.Module required; };
>>>
>>>
>>> The custom.login.module.package.Module by spec implements
>>> LoginModule, and the principals I set on commit() operation are
>>>
>>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>>
>>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>>
>>>
>>> Referenced by:
>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>
>>>
>>> Am I missing something? Any advice?
>>>
>>>
>>> Piercarlo Alberto Beghetto
>>> Developer @ Diennea - MagNews
>>> Tel.: (+39) 0546 066100 - Int. 967
>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>
>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>> ed email marketing! http://www.magnews.it/newsletter/
>>
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
>> email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
R: JAAS roles propagation in TomEE
Posted by Piercarlo Alberto Beghetto - Diennea <pi...@diennea.com>.
Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
When done, I'll share that.
Piercarlo Alberto Beghetto
Developer @ Diennea - MagNews
Tel.: (+39) 0546 066100 - Int. 967
Viale G.Marconi 30/14 - 48018 Faenza (RA)
-----Messaggio originale-----
Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
Inviato: venerdì 6 febbraio 2015 11:14
A: users@tomee.apache.org
Oggetto: Re: JAAS roles propagation in TomEE
Hi
can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> I tried.
>
> I started with two classes, RolePrincipal and UserPrincipal
> implementing simply java.security.Principal
>
> And with conf
>
> <Realm className="org.apache.catalina.realm.JAASRealm"
> appName="custom-login"
> userClassNames="custom.login.module.package.UserPrincipal "
> roleClassNames="custom.login.module.package.RolePrincipal
> "/>
>
> but it run in the same way.
> Looking in some examples I found that alternative solution, was a try.
>
>
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 10:42
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> Hi
>
> did you extend
> org.apache.openejb.core.security.AbstractSecurityService$User
> and org.apache.openejb.core.security.AbstractSecurityService$Group in
> your realm? that's the config you did but it is uncommon to do it
> AFAIK
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> Hello,
>>
>> i'm on a JAAS authentication realm for a web application on TomEE.
>>
>> I think I miss a thing in the login process.
>>
>> I developed my custom LoginModule, configured it and seems work well.
>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>
>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>
>> I try
>>
>> - HttpServletRequest.getRemoteUser()
>>
>> - HttpServletRequest.isUserInRole()
>>
>> - @RolesAllowed("someroles")
>> But in any way I have no trace of the logged user
>>
>>
>> Here are my configurations:
>>
>> In context:
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>> appName="custom-login"
>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>
>> roleClassNames="org.apache.openejb.core.security.AbstractSecurityServ
>> i
>> ce$Group"/>
>>
>>
>> login.config (in TomEE conf folder):
>> custom-login {
>> custom.login.module.package.Module required; };
>>
>>
>> The custom.login.module.package.Module by spec implements
>> LoginModule, and the principals I set on commit() operation are
>>
>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>
>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>
>>
>> Referenced by:
>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>
>>
>> Am I missing something? Any advice?
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>
>>
>>
>>
>> ________________________________
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>> ed email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
> email marketing! http://www.magnews.it/newsletter/
Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
Re: JAAS roles propagation in TomEE
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi
can you share a sample we can run (mvn packahe tomee:run + GET /demo
would be great)?
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> I tried.
>
> I started with two classes, RolePrincipal and UserPrincipal implementing simply java.security.Principal
>
> And with conf
>
> <Realm className="org.apache.catalina.realm.JAASRealm"
> appName="custom-login"
> userClassNames="custom.login.module.package.UserPrincipal "
> roleClassNames="custom.login.module.package.RolePrincipal "/>
>
> but it run in the same way.
> Looking in some examples I found that alternative solution, was a try.
>
>
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 10:42
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> Hi
>
> did you extend org.apache.openejb.core.security.AbstractSecurityService$User
> and org.apache.openejb.core.security.AbstractSecurityService$Group in your realm? that's the config you did but it is uncommon to do it AFAIK
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <pi...@diennea.com>:
>> Hello,
>>
>> i'm on a JAAS authentication realm for a web application on TomEE.
>>
>> I think I miss a thing in the login process.
>>
>> I developed my custom LoginModule, configured it and seems work well.
>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>>
>> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>>
>> I try
>>
>> - HttpServletRequest.getRemoteUser()
>>
>> - HttpServletRequest.isUserInRole()
>>
>> - @RolesAllowed("someroles")
>> But in any way I have no trace of the logged user
>>
>>
>> Here are my configurations:
>>
>> In context:
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>> appName="custom-login"
>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>
>> roleClassNames="org.apache.openejb.core.security.AbstractSecurityServi
>> ce$Group"/>
>>
>>
>> login.config (in TomEE conf folder):
>> custom-login {
>> custom.login.module.package.Module required; };
>>
>>
>> The custom.login.module.package.Module by spec implements LoginModule, and the principals I set on commit() operation are
>>
>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>
>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>
>>
>> Referenced by:
>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>
>>
>> Am I missing something? Any advice?
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>>
>>
>>
>>
>> ________________________________
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
R: JAAS roles propagation in TomEE
Posted by Piercarlo Alberto Beghetto - Diennea <pi...@diennea.com>.
I tried.
I started with two classes, RolePrincipal and UserPrincipal implementing simply java.security.Principal
And with conf
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="custom-login"
userClassNames="custom.login.module.package.UserPrincipal "
roleClassNames="custom.login.module.package.RolePrincipal "/>
but it run in the same way.
Looking in some examples I found that alternative solution, was a try.
Piercarlo Alberto Beghetto
Developer @ Diennea - MagNews
Tel.: (+39) 0546 066100 - Int. 967
Viale G.Marconi 30/14 - 48018 Faenza (RA)
-----Messaggio originale-----
Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
Inviato: venerdì 6 febbraio 2015 10:42
A: users@tomee.apache.org
Oggetto: Re: JAAS roles propagation in TomEE
Hi
did you extend org.apache.openejb.core.security.AbstractSecurityService$User
and org.apache.openejb.core.security.AbstractSecurityService$Group in your realm? that's the config you did but it is uncommon to do it AFAIK
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Hello,
>
> i'm on a JAAS authentication realm for a web application on TomEE.
>
> I think I miss a thing in the login process.
>
> I developed my custom LoginModule, configured it and seems work well.
> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>
> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>
> I try
>
> - HttpServletRequest.getRemoteUser()
>
> - HttpServletRequest.isUserInRole()
>
> - @RolesAllowed("someroles")
> But in any way I have no trace of the logged user
>
>
> Here are my configurations:
>
> In context:
> <Realm className="org.apache.catalina.realm.JAASRealm"
> appName="custom-login"
> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>
> roleClassNames="org.apache.openejb.core.security.AbstractSecurityServi
> ce$Group"/>
>
>
> login.config (in TomEE conf folder):
> custom-login {
> custom.login.module.package.Module required; };
>
>
> The custom.login.module.package.Module by spec implements LoginModule, and the principals I set on commit() operation are
>
> - org.apache.openejb.core.security.AbstractSecurityService$User
>
> - org.apache.openejb.core.security.AbstractSecurityService$Group
>
>
> Referenced by:
> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>
>
> Am I missing something? Any advice?
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>
>
>
>
> ________________________________
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/
Re: JAAS roles propagation in TomEE
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi
did you extend org.apache.openejb.core.security.AbstractSecurityService$User
and org.apache.openejb.core.security.AbstractSecurityService$Group in
your realm? that's the config you did but it is uncommon to do it
AFAIK
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<pi...@diennea.com>:
> Hello,
>
> i'm on a JAAS authentication realm for a web application on TomEE.
>
> I think I miss a thing in the login process.
>
> I developed my custom LoginModule, configured it and seems work well.
> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login()) all works fine, realm recognize username and password and I get the user's roles setted in the LoginModule.commit().
>
> After the login there is a redirect and in the new servlet there is no trace of user principals or roles principals setted by login.
>
> I try
>
> - HttpServletRequest.getRemoteUser()
>
> - HttpServletRequest.isUserInRole()
>
> - @RolesAllowed("someroles")
> But in any way I have no trace of the logged user
>
>
> Here are my configurations:
>
> In context:
> <Realm className="org.apache.catalina.realm.JAASRealm"
> appName="custom-login"
> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group"/>
>
>
> login.config (in TomEE conf folder):
> custom-login {
> custom.login.module.package.Module required;
> };
>
>
> The custom.login.module.package.Module by spec implements LoginModule, and the principals I set on commit() operation are
>
> - org.apache.openejb.core.security.AbstractSecurityService$User
>
> - org.apache.openejb.core.security.AbstractSecurityService$Group
>
>
> Referenced by:
> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>
>
> Am I missing something? Any advice?
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] <http://twitter.com/DienneaMagNews> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] <http://www.facebook.com/pages/MagNews/197617841797> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] <http://www.magnews.it/it/iscriviti-alla-newsletter>
>
>
>
>
> ________________________________
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing! http://www.magnews.it/newsletter/