Thanks Charles and John, you were both a great help!!! I got it working now.
Cheers Joe -----Original Message----- From: John McPeek [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 19, 2006 6:50 PM To: Tomcat Users List Subject: Re: Custom JAAS LoginModule not authorizing GenericPrincipal roles Hi Joe, This is my commit(). I think you are missing the User Principle. When you say request.getUserPrincipal(), that token (1) I am putting in first comes back. The Principles you add after that are the roles you want to test against. This stuff drove me nuts when I was setting it up. Hope that does it for you. John public boolean commit() throws LoginException { log.debug( "Commit login." ); if ( token != null ) { if ( subject.isReadOnly() ) { throw new LoginException( "Subject is Readonly" ); } ****** (1) Add User Priciple first ************* subject.getPrincipals().add( token ); List<Permission> permissions = token.getPermissions(); Set<Principal> jaasPermissions = subject.getPrincipals(); for ( Permission permission : permissions ) { jaasPermissions.add( permission ); } } token = null; return true; } >I'm trying to use my own LoginModule. Its is successfully authenticating >my username but the problem is when its trying to authorize my roles. > >Tried: >1. Here is the code snippet from my LoginModule commit method. >Code: > > List roles = new ArrayList(); > roles.add( "tomcat_auth_role" ); > GenericPrincipal gp = new GenericPrincipal(null, username, null, >roles); > subject.getPrincipals().add(gp); > >3. Added following to server.xml: >Code: > > <Realm className="org.apache.catalina.realm.JAASRealm" > appName="Tomcat" > >userClassNames="org.apache.catalina.realm.GenericPrincipal" > >roleClassNames="org.apache.catalina.realm.GenericPrincipal" > useContextClassLoader="true" > debug="2"/> > >3. Added following to web.xml: >Code: > > <auth-constraint> > <role-name>tomcat_auth_role</role-name> > </auth-constraint> > >Any help would be greatly appreciated. > >Cheers >Joe > >----------------------------------------------------------------------- ------- > >This email is confidential and may be legally privileged. > >It is intended solely for the addressee. Access to this email by anyone else, unless expressly approved by the sender or an authorized addressee, is unauthorized. > >If you are not the intended recipient, any disclosure, copying, distribution or any action omitted or taken in reliance on it, is prohibited and may be unlawful. If you believe that you have received this email in error, please contact the sender, delete this e-mail and destroy all copies. > >======================================================================= ======= > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ------------------------------------------------------------------------------ This email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else, unless expressly approved by the sender or an authorized addressee, is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action omitted or taken in reliance on it, is prohibited and may be unlawful. If you believe that you have received this email in error, please contact the sender, delete this e-mail and destroy all copies. ============================================================================== --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
