[jboss-user] [Security & JAAS/JBoss] - Re: Tomcat 5.5 login module compatibility?

[jptalberg]

Thanks for the pointer on how to enable debug.

We actually were in the process of decompiling the byte code in the jars already.

This is what we've found.  The libraries are definitely geared towards Tomcat 5.5.  They implement a custom LoginModule, but they also rely on a custom JAASRealm which extends org.apache.catalina.realm.RealmBase.  Further the custom principal they are creating from their Realm extends org.apache.catalina.realm.GenericPrincipal.

Is there any way to configure the default AS 4.2.1 to use this Tomcat 5.5 module/realm without requiring modification to the source code?  Our big dilemma, is that the LoginModule and Realm our outside our control; and further there is a development jar and a production jar which have essentially the same configurations but different behavior -- so us modifying the development one and testing with it will not necessarily help us be ready for production.  We'd much rather figure out how to configure the security without needing modification to security modules we are being provided.

We have been able to configure the login module, and it seems to be working.  But we aren't sure how to configure in the Realm, or if you even can.  Ultimately what we need is to be able to get the Custom Principal object back from request.getUserPrincipal().

Thanks for your help!

Jeff

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131658#4131658

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131658