I try for a long time to integrate Tomcat 5.5.17 and JAAS. I have created my LoginModule with sample provided by Internet (jaasbook website) I have created my webapp with FORM authentication I have configurated my server.xml with the Tomcat JAAS realm. I have added-Djava.security.auth.login.config=C:\ auth.conf to the Tomcat launcher.
Then authentication is OK The authorization return always HTTP 403 I see in some FAQs that there is perhaps a Bug in Tomcat on this subject (GenericPrincipal...) Do i have to configure a special policy file ?? and adding this file in the JVM with -D...What can be included in this policy file ?? Can you help me Please... Regards Fred
