On 29.08.2014 at 15:44, Seshadri, Usha wrote:
-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Friday, August 29, 2014 1:44 AM
To: Tomcat Users List
Subject: EXTERNAL: Re: Spnego authentication with Tomcat 7.0.55 on Linux 6.5 
returns null from request.getremoteUser

On 29/08/2014 03:51, Seshadri, Usha wrote:
Hi,
I am trying to configure spnego out of the box on tomcat 7.0.55 on Linux 6.5, with 
directions given at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. And 
I am trying to test the configuration with a sample hello_spnego.jsp file given below. 
When I load http://localhost:8080/hello_spnego.jsp, the output is "Hello null !"
The getRemoteUser() seems to be returning null.
My setup:
The KDC, client (machine running firefox) and tomcat server are all on the same 
domain. The client (Firefox) is on the same machine as the tomcat instance, 
linux 6.5.
Here is my configuration:
So, it is out of the box tomcat 7.0.55 install, I added these files to 
$CATALINA_BASE/conf:
jaas.conf
krb5.ini
appserver.keytab (copied from KDC)
I am confident the jaas.conf, krb5.ini and the appserver.keytab configurations 
are correct since I have successfully tested them with the spnego library from 
sourceforge ( http://spnego.sourceforge.net/spnego_tomcat.html ).
hello_spnego.jsp:
<html>
   <head>
     <title>Hello SPNEGO Example</title>
   </head>
   <body>
     Hello <%= request.getRemoteUser() %> !
   </body>
</html>
I copied hello_spnego.jsp to webapps/ROOT, and edited 
webapps/ROOT/WEB_INF/web.xml as follows:
<login-config>
<auth-method>SPNEGO</auth-method>
<realm-name>Tomcat Spnego example</realm-name>
</login-config>
<servlet>
<servlet-name>Test</servlet-name>
<jsp-file>/hello_spnego.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>Test</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
Am I missing anything in my configuration of web.xml?
You don't have any security constraints to trigger authentication.
Mark

Mark,

Thank you for getting back to me with this information. I added a security 
constraint to my web.xml, but did not specify an auth-constraint since I want 
all users to have access to it. I am still getting the null return from 
getRemoteUser(). (Please note there are no roles/users specified in 
tomcat-users.xml).

Web.xml:
<security-constraint>
   <web-resource-collection>
     <web-resource-name>All Access</web-resource-name>
     <url-pattern>*.jsp</url-pattern>
     <http-method>DELETE</http-method>
     <http-method>PUT</http-method>
     <http-method>HEAD</http-method>
     <http-method>OPTIONS</http-method>
     <http-method>TRACE</http-method>
     <http-method>GET</http-method>
     <http-method>POST</http-method>
   </web-resource-collection>
</security-constraint>

Is there something that needs to go in the security constraint?
You have to specify a role that that security-constraint applies to. If you want your users to be identified, but not really authorized, you should assign them a dummy role and test against that.

JNDIRealm has an option "commonRole" which assigns a role to every authenticated user.

Regards
 Felix

Thanks,
Usha

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
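
The web.xml fragment below is an added example, not part of the original thread: it shows the security constraint from the question with the auth-constraint that the replies say is missing. The role name authenticated-user is a hypothetical dummy role; it assumes the configured realm grants that role to every authenticated user (for instance through the JNDIRealm commonRole option mentioned above).

```xml
<!-- Added example, not from the thread. "authenticated-user" is a hypothetical
     dummy role; the realm must grant it to every authenticated user. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <!-- No http-method elements: the constraint then covers every HTTP
         method, including any that a fixed list would leave out. -->
  </web-resource-collection>
  <!-- Without an auth-constraint the resource is served without any
       authentication, so request.getRemoteUser() stays null. -->
  <auth-constraint>
    <role-name>authenticated-user</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>SPNEGO</auth-method>
  <realm-name>Tomcat Spnego example</realm-name>
</login-config>

<!-- Each role named in an auth-constraint is declared here. -->
<security-role>
  <role-name>authenticated-user</role-name>
</security-role>
```

If the realm does not grant the role, an authenticated user receives a 403 response rather than a page with a null user name.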

