My bet is that Mark will get 95% of the way there but not be
able to bend container-managed security that last little bit to achieve
what he needs.
I don't want to be deliberately down on this and I'd love to be wrong
about it, but I've been there and done that in Tomcat 5 and JBoss and
came up short.
In fact, Craig posted a link to a Sun colleague of his who is looking at
the next Servlet spec and [quote]:
# Improved Security - This has been an area where we have wanted to
refine for some time. This may include APIs for programmatic login.
Mark, I thought you might want to leave comments when you're done with
what you're doing, since it will be fresh in your mind (I added comments
just yesterday but the programming was something I did over a year ago)
http://weblogs.java.net/blog/gmurray71/archive/2005/07/got_servlets.html
Adam
[EMAIL PROTECTED] on 09/08/05 22:04, wrote:
Thanks Craig.
Well Mark, I'd be interested in hearing how it turns out. Good luck.
Erik
-----Original Message-----
From: Craig McClanahan <[EMAIL PROTECTED]>
Sent: Aug 9, 2005 4:42 PM
To: Struts Users Mailing List <user@struts.apache.org>, [EMAIL PROTECTED]
Subject: Re: Last question on JAAS I promise
On 8/9/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I found my login-config.xml. Suddenly I fear that I had this working in JBoss
but not stand-alone Tomcat, but yet I *know* I was calling isUserInRole. At the
same time, I remember the propagation problem between Tomcat and JBoss, and
this config is definitely for JBoss. But isUserInRole would definitely be a
Tomcat thing . . . Damn!
<application-policy name="mysqldb">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="unauthenticatedIdentity">anybody</module-option>
      <module-option name="dsJndiName">java:/MySQLDB</module-option>
      <module-option name="principalsQuery">SELECT password FROM auth_user WHERE
        username = ?</module-option>
      <module-option name="rolesQuery">SELECT group_name, 'Roles' FROM auth_group,
        auth_user_group, auth_user WHERE auth_group.group_id = auth_user_group.group_id AND
        auth_user_group.user_id = auth_user.user_id AND auth_user.username = ?</module-option>
    </login-module>
  </authentication>
</application-policy>
Erik
Tomcat has reasonably good documentation about how to configure
container managed security. For Tomcat 5.0, it's at:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
Because it looks like you have your users in a database, you'll want
to focus on setting up a JDBCRealm configuration. If you need further
help on it, asking on the Tomcat User list is a good bet (to
subscribe, send an empty message to
<[EMAIL PROTECTED]>).
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
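
A JDBCRealm configuration for the tables named in the login-config.xml above, as an added example that is not part of the original thread. The database name, account, JDBC driver class and the auth_user_role view are assumptions; the table and column names come from the queries in the thread.

```xml
<!--
  Constructed example for Tomcat 5.0 server.xml (inside <Engine>, <Host> or <Context>).

  JDBCRealm reads roles from ONE table that holds both the user name column
  (same name as userNameCol) and the role name column. The schema in this
  thread is normalized through auth_user_group, so a view flattens it first
  (hypothetical view name auth_user_role):

    CREATE VIEW auth_user_role AS
      SELECT u.username, g.group_name
        FROM auth_user u
        JOIN auth_user_group ug ON ug.user_id = u.user_id
        JOIN auth_group g       ON g.group_id = ug.group_id;
-->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/EXAMPLE_DB"
       connectionName="EXAMPLE_READONLY_USER"
       connectionPassword="EXAMPLE_PASSWORD"
       userTable="auth_user"
       userNameCol="username"
       userCredCol="password"
       userRoleTable="auth_user_role"
       roleNameCol="group_name" />
<!--
  No digest attribute is set, so Tomcat compares the submitted password with
  the stored column value as clear text. If auth_user.password holds hashes,
  set digest to the matching java.security.MessageDigest algorithm name.
  connectionPassword sits in server.xml in clear text: restrict read access
  to that file and give the database account SELECT rights only.
-->
```

With a realm like this, isUserInRole is answered from the group_name values, so the role names declared in web.xml have to match them exactly.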