[jboss-jira] [JBoss JIRA] Resolved: (JBAS-2899) Externalize Tomcat Authenticators at the Host Level
Anil Saldhana (JIRA)
jira-events at jboss.com
Mon Aug 7 10:34:12 EDT 2006
[ http://jira.jboss.com/jira/browse/JBAS-2899?page=all ]
Anil Saldhana resolved JBAS-2899.
---------------------------------
Resolution: Done
There is a testcase for this. So if there is a breakage, we will know.
> Externalize Tomcat Authenticators at the Host Level
> ---------------------------------------------------
>
> Key: JBAS-2899
> URL: http://jira.jboss.com/jira/browse/JBAS-2899
> Project: JBoss Application Server
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Web (Tomcat) service, Security
> Affects Versions: JBossAS-4.0.4.GA
> Reporter: Anil Saldhana
> Assigned To: Anil Saldhana
> Fix For: JBossAS-4.0.5.CR1, JBossAS-5.0.0.Beta
>
>
> This issue is related to JBAS-2481. My initial discussion with Remy on customization of authenticators at the Tomcat sar level or webapp level, via the injection of ContextConfig into StandardContext, was not agreed to. Remy advised me to utilize the route of using the "configClass" attribute on the <Host> element, to provide a custom version of the ContextConfig class.
> I have tested this and it works perfectly.
> -----------------------------------------------------------------------------------------------------------------------
> <Host name="localhost"
> autoDeploy="false" deployOnStartup="false" deployXML="false"
> configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
> -----------------------------------------------------------------------------------------------------------------------
> Here is the JBossContextConfig class that I tested:
> =======================================================================================
> package org.jboss.web.tomcat.security.config;
>
> import java.util.HashMap;
> import java.util.Map;
>
> import org.apache.catalina.Authenticator;
> import org.apache.catalina.startup.ContextConfig;
>
> public class JBossContextConfig extends ContextConfig
> {
>    /**
>     * Create a new JBossContextConfig.
>     */
>    public JBossContextConfig()
>    {
>       super();
>       try
>       {
>          // Replace ContextConfig's authenticator map only when a custom map is supplied.
>          Map authMap = this.getAuthenticators();
>          if(authMap.size() > 0)
>             customAuthenticators = authMap;
>       }
>       catch(Exception e)
>       {
>          throw new IllegalStateException("Failed to customize authenticators::" +
>                e.getMessage());
>       }
>    }
>
>    // Builds the auth-method -> Authenticator map, keyed by the <login-config> auth-method name.
>    private Map getAuthenticators() throws Exception
>    {
>       Map cmap = new HashMap();
>       ClassLoader tcl = Thread.currentThread().getContextClassLoader();
>       // Deliberately interchanged for this test: "basic" is the SSLAuthenticator
>       // and "clientCert" is the BasicAuthenticator.
>       Authenticator basic = (Authenticator)tcl.loadClass("org.apache.catalina.authenticator.SSLAuthenticator").newInstance();
>       Authenticator clientCert = (Authenticator)tcl.loadClass("org.apache.catalina.authenticator.BasicAuthenticator").newInstance();
>       Authenticator digest = (Authenticator)tcl.loadClass("org.apache.catalina.authenticator.DigestAuthenticator").newInstance();
>       Authenticator form = (Authenticator)tcl.loadClass("org.apache.catalina.authenticator.FormAuthenticator").newInstance();
>       Authenticator none = (Authenticator)tcl.loadClass("org.apache.catalina.authenticator.NonLoginAuthenticator").newInstance();
>
>       cmap.put("BASIC", basic);
>       cmap.put("CLIENT-CERT", clientCert);
>       cmap.put("DIGEST", digest);
>       cmap.put("FORM", form);
>       cmap.put("NONE", none);
>       return cmap;
>    }
> }
> ======================================================================================================
> When I enabled jmx-console security, the error message in the browser:
> HTTP Status 400 - No client certificate chain in this request
> As you can see from the code above, I interchanged the authenticators for BASIC and CLIENT-CERT and default jmx-console security is BASIC. So the SSLAuthenticator has kicked in.
> This JIRA task involves writing an MBean service that provides the configurable map of authenticators, which the JBossContextConfig will solicit.
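
Because a host-level `configClass` can change which authenticator enforces each auth-method, the configuration is worth auditing. The following is an added example, not part of the original message or of JBoss: it flags `<Host>` elements with a non-default `configClass` and reports any auth-method whose class differs from Tomcat's stock pairing. The function names, the `Server`/`Service`/`Engine` wrapper and the sample inputs are constructed assumptions.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.catalina.authenticator."
# Stock Tomcat pairing of auth-method to authenticator (class names as in the post).
EXPECTED = {
    "BASIC": PKG + "BasicAuthenticator",
    "CLIENT-CERT": PKG + "SSLAuthenticator",
    "DIGEST": PKG + "DigestAuthenticator",
    "FORM": PKG + "FormAuthenticator",
    "NONE": PKG + "NonLoginAuthenticator",
}
DEFAULT_CONFIG_CLASS = "org.apache.catalina.startup.ContextConfig"

# Constructed sample: the <Host> from the post, closed and wrapped so it parses.
SAMPLE_SERVER_XML = """<Server><Service name="example"><Engine name="example">
<Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false"
      configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"/>
</Engine></Service></Server>"""
# Constructed sample: the interchanged map the post used for its test.
SWAPPED = {**EXPECTED, "BASIC": PKG + "SSLAuthenticator",
           "CLIENT-CERT": PKG + "BasicAuthenticator"}


def hosts_with_custom_config(server_xml, approved=()):
    """Return (host name, configClass) for each <Host> whose configClass
    is neither Tomcat's default nor on the approved list."""
    findings = []
    for host in ET.fromstring(server_xml).iter("Host"):
        cls = host.get("configClass", DEFAULT_CONFIG_CLASS)
        if cls != DEFAULT_CONFIG_CLASS and cls not in approved:
            findings.append((host.get("name"), cls))
    return findings


def audit_authenticator_map(mapping):
    """Compare a configured auth-method -> class map against EXPECTED.
    Returns findings for remapped, unknown and missing auth-methods."""
    findings = []
    for method, cls in mapping.items():
        key = method.strip().upper()
        if key not in EXPECTED:
            findings.append((key, "unknown auth-method", cls.strip()))
        elif cls.strip() != EXPECTED[key]:
            findings.append((key, "remapped", cls.strip()))
    configured = {m.strip().upper() for m in mapping}
    for key in EXPECTED.keys() - configured:
        findings.append((key, "missing", None))
    return sorted(findings, key=lambda f: f[0])
```

A "missing" finding means the configured map carries no authenticator for that auth-method; what the container does in that case depends on the `ContextConfig` in use.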