[jboss-user] [Security & JAAS/JBoss] - Tomcat 5.5 login module compatibility?

jptalberg do-not-reply at jboss.com
Thu Feb 21 13:17:49 EST 2008

We are currently running JBoss AS 4.2.1 and having difficulty configuring the login-config.xml to use a login module that was written for tomcat 5.5.

In particular, the authentication aspect seems to be working.  It only lets valid usernames/passwords through as we expect from our login module.  However, our web application is not able to retrieve our custom principal object out of the request; instead we get a org.jboss.security.SimplePrincipal object.

We don't have direct access to the source code for the login module code, should AS 4.2.1 (default all configuration) be able to use a tomcat 5.5 login module without modification?

I have seen http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith which seems to state the the custom principal must have a constructor with a string username, or be installed under the Subject using a java.security.acl.group named "CallerPrincipal".  I don't think our custom login module does either of these, but I could be wrong as the login-module is not under our control.

In our login-conf.xml we are specifying the following module-options for our custom login-module: appName, principalClass, userClassNames, roleClassNames.  I would provide the files but they are on a non accessible network.

Any help in this matter would greatly be appreciated!

Also is there any way to turn up more debug login framework?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131178#4131178

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131178

More information about the jboss-user mailing list