[jboss-user] [Security & JAAS/JBoss] - Tomcat 5.5 login module compatibility?
jptalberg
do-not-reply at jboss.com
Thu Feb 21 13:17:49 EST 2008
We are currently running JBoss AS 4.2.1 and having difficulty configuring the login-config.xml to use a login module that was written for tomcat 5.5.
In particular, the authentication aspect seems to be working. It only lets valid usernames/passwords through as we expect from our login module. However, our web application is not able to retrieve our custom principal object out of the request; instead we get a org.jboss.security.SimplePrincipal object.
We don't have direct access to the source code for the login module code, should AS 4.2.1 (default all configuration) be able to use a tomcat 5.5 login module without modification?
I have seen http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith which seems to state the the custom principal must have a constructor with a string username, or be installed under the Subject using a java.security.acl.group named "CallerPrincipal". I don't think our custom login module does either of these, but I could be wrong as the login-module is not under our control.
In our login-conf.xml we are specifying the following module-options for our custom login-module: appName, principalClass, userClassNames, roleClassNames. I would provide the files but they are on a non accessible network.
Any help in this matter would greatly be appreciated!
Also is there any way to turn up more debug login framework?
Thanks,
Jeff
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131178#4131178
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131178
More information about the jboss-user
mailing list