[jboss-user] [Security & JAAS/JBoss] - problem creating a new tomcat authentication method

[antoniofer]

Hello,

I'm trying to create a new web authentication method following the next procedure:

- based on FormAuthenticator.java i've coded a new class (well, i've just copied FormAuthenticator but with different name in order to prevent errors)
- added the line CUSTOM=<<my custom class>> in Authentication.properties
- in web.xml, added the line <auth-method>CUSTOM</auth-method> (and all the necessary ones to protect the web resources)

I'm using a simple application based on JSP pages to test my configuration but get a HTTP/403 Configuration error. 

This is the error page I get:

type Status report

message Configuration error: Cannot perform access control without an authenticated principal

description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.


I've tried to "cheat" JBoss to test my class:
- changed in authentication.properties the line FORM=org.jboss.etc... with FORM=<<my custom class>>
- now the application's web.xml has the next line: <auth-method>FORM</auth-method> 

Everything goes fine in this case, but I would like to add this new authentication method instead of modifying the FORM method.

Somebody knows what is happening?

Thanks in advance,

Antonio

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4080446#4080446

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4080446