The JSPWiki team has done something in the same direction. I tested the deployment of Andrew's implementation and collected a checklist. It's not exactly what you are asking for, but it could help to inspire you where to look for errors.
http://wiki.jcrud.org/jcrud/Wiki.jsp?page=ChecklistForContainerManagedAuthentication
(AAA stands for "Authentication And Authorization")

Have fun
Rolf

> It is strange that it is so quiet about this issue.
> I can't be the only one who gets affected, many projects must have come
> across this.
>
> Thank you
>
>
> On 4/18/06, Chapoor Chapoor <[EMAIL PROTECTED]> wrote:
>>
>> Hi,
>>
>> I'm stuck in a security authentication/authorization issue, which I hope
>> you have some advice for.
>>
>> In simple words, I want to use the Web container security (for
>> authorization) together with my own JAAS implementation (for
>> authentication).
>>
>> How to achieve this?
>>
>> I don't want to use the BASIC, FORM, CLIENT-CERT etc. auth-methods. I want
>> to bypass these and hit my JAAS login model.
>> The reason is that we collect user information in a different way, by an
>> exchange with the user in a front filter.
>>
>> I can't get this to work, even though I have configured my
>> loginmodule, user, role and configured the JAASRealm in Tomcat.
>>
>> This is how I want to do it (in theory).
>> 1. User enters a URL (e.g. /mycontext/cars/),
>> 2. The SecFilter gets triggered, which ends by exchanging user information,
>> 3. The MyLoginModule gets called with user information
>> 4. User is looked up and gets assigned User/Role Principals.
>> 5. Login is OK
>> 6. Now the web container security can take place and checks in web.xml if
>> this user is-in-role to call /cars url.
>>
>> I've searched the entire web but could not see any good article about
>> this. Am I the only one who wants to bypass the auth-methods but can still
>> provide good authentication and "standard" web-authorization?
>>
>> (I've seen some work-arounds such as:
>> http://www.kopz.org/public/documents/tomcat/jaasintomcat.html but this is
>> a work-around, which I don't like).
>>
>>
>>
>> Please advise,
>>
>>
>> Thank you for reading, and sorry for the long email.