i recently did a JASPIC plugin for OIDC. ended writing a simple authorization class that returned user roles based on the request/Principal instead of trying to add JACC
arjan tijms guide is what i used for the most part but you're right there is no decent Tomcat tutorial yet On Wed, Jun 5, 2019, 8:43 AM Mark Thomas <ma...@apache.org> wrote: > On 05/06/2019 07:14, Karen Goh wrote: > > Hi, > > > > I am trying to do JASPIC follows by JACC using Java Servlet and JSP and > maybe REST with PostgresQL > > > > > https://www.byteslounge.com/tutorials/jaas-authentication-in-tomcat-example > > > > However, I have difficulty in locating the $Catablina_base in the > external tomcat server I am using in Eclipse. > > > > Also, I went to check out the hosting company side, I can't find > Catalina_base at all also. > > For an explanation of $CATALINA_BASE > http://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt > > Unless you have deliberately split them $CATALINA_BASE == $CATALINA_HOME > > Generally, $CATALINA_BASE/conf is where you will find your server.xml file. > > > I hope someone can tell me exactly where to put the jaas.config file for > the JAAS to work. > > > > Another thing is about JASPIC. > > > > I can't find alot of tutorial regarding JASPIC. > > It isn't that widely used. It has potential but hasn't really caught on. > > > There is this guy Arjan Tijms which poses quite a fair bit of infor but > I guess my Java skills is still not good enough to understand the mechanism > of how things work. > > > > I am currently testing things out using Tomcat 9.0.4. > > I'd strongly recommend you update to the latest 9.0.x release. > > > And how does JASPIC + JACC fit into the scheme of salt based password > verification. > > > > Hope someone can give me some hints how to go about securely password > the simplest possible way based on JASPIC and JACC. Thanks. > > Why use JASPIC and JACC. Note Tomcat doesn't provide a JACC implementation. > > Perhaps take a step back. Describe the problem you are trying to solve > and maybe we can provide some pointers on how to best solve it with Tomcat. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
