Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / August 2003

Tip: Looking for answers? Try searching our database.

JAASRealm and Tomcat problem

Thread view: 
Enable EMail AlertsStart New Thread
Paula Hollander - 14 Aug 2003 03:12 GMT
Hi there,

I have set up a JAASRealm for a JAX-RPC web app in Tomcat 4.1.24
(embedded in Sun's JWSDP1.1), setting
userClassNames="com.tagish.auth.win32.typed.NTUserPrincipal" and
roleClassNames="com.tagish.auth.win32.typed.NTGroupPrincipal".

Calling ServletEndpointContext.getUserPrincipal() returns the first
group principal instead of the user principal.

I know that the tagish login module is returning the right information
because at one stage I implemented application managed security and
output the principal class names and values from the subject returned
to the login context.

So... does anyone know if Tomcat is the beast at fault (if so, bug
#9944 that was _supposed_ to be fixed in 4.1.6 is back) or am I doing
something fundamentally wrong??

Your help will be very appreciated!!
Reply to this Message
Paula Hollander - 15 Aug 2003 07:55 GMT
Please disregard my previous post.

Further investigation has uncovered that the version of Tomcat used in
JWSDP1.1 is in fact 4.1.2 (which suffers from bug #9944). I will
obviously now deploy my test web service to an installation of Tomcat
4.1.24 and see what new problems await me!

But, from the lack of responses to my first post, am I correct in
guessing that not many people are using the JAAS realm in Tomcat? Is
anyone willing to discuss the merits or otherwise of using JAAS???

> Hi there,
>
[quoted text clipped - 16 lines]
>
> Your help will be very appreciated!!
Reply to this Message
Gilbert Pilz - 16 Aug 2003 23:07 GMT
> But, from the lack of responses to my first post, am I correct in
> guessing that not many people are using the JAAS realm in Tomcat? Is
> anyone willing to discuss the merits or otherwise of using JAAS???

"JAAS and Tomcat" is a topic that interests me, but I am just getting
started so I may not be able to contribute much to the conversation.

I am trying to build a B2B framework on top of Tomcat. I need to
authenticate the clients over SSL using their client-side cert. I want
to do some of my own checking of the cert before I allow the SSL
handshake to complete. When all is said and done I want to represent the
client's identity within Tomcat using something that implements
java.security.Principal. Does anybody have any experience with this sort
of thing? Any pointers, references, hints, etc. would be greatly
appreciated.

- gilbert
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.