tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: JAAS roles propagation in TomEE
Date Fri, 06 Feb 2015 14:01:44 GMT
easiest is generally to share a maven project on github or any public
source code platform


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<piercarlo.beghetto@diennea.com>:
> Suppose i need to produce some kind of file via maven. I'm trying in NetBeans.
> When done, I'll share that.
>
>
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Messaggio originale-----
> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Inviato: venerdì 6 febbraio 2015 11:14
> A: users@tomee.apache.org
> Oggetto: Re: JAAS roles propagation in TomEE
>
> Hi
>
> can you share a sample we can run (mvn packahe tomee:run + GET /demo would be great)?
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <piercarlo.beghetto@diennea.com>:
>> I tried.
>>
>> I started with two classes, RolePrincipal and UserPrincipal
>> implementing simply java.security.Principal
>>
>> And with conf
>>
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>            appName="custom-login"
>>            userClassNames="custom.login.module.package.UserPrincipal "
>>            roleClassNames="custom.login.module.package.RolePrincipal
>> "/>
>>
>> but it run in the same way.
>> Looking in some examples I found that alternative solution, was a try.
>>
>>
>>
>>
>> Piercarlo Alberto Beghetto
>> Developer @ Diennea - MagNews
>> Tel.: (+39) 0546 066100 - Int. 967
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>>
>>
>>
>>
>> -----Messaggio originale-----
>> Da: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Inviato: venerdì 6 febbraio 2015 10:42
>> A: users@tomee.apache.org
>> Oggetto: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> did you extend
>> org.apache.openejb.core.security.AbstractSecurityService$User
>> and org.apache.openejb.core.security.AbstractSecurityService$Group in
>> your realm? that's the config you did but it is uncommon to do it
>> AFAIK
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <piercarlo.beghetto@diennea.com>:
>>> Hello,
>>>
>>> i'm on a JAAS authentication realm for a web application on TomEE.
>>>
>>> I think I miss a thing in the login process.
>>>
>>> I developed my custom LoginModule, configured it and seems work well.
>>> When i try to log in the user (with HttpServletRequest.login() or LoginContext.login())
all works fine, realm recognize username and password and I get the user's roles setted in
the LoginModule.commit().
>>>
>>> After the login there is a redirect and in the new servlet there is no trace
of user principals or roles principals setted by login.
>>>
>>> I try
>>>
>>> -          HttpServletRequest.getRemoteUser()
>>>
>>> -          HttpServletRequest.isUserInRole()
>>>
>>> -          @RolesAllowed("someroles")
>>> But in any way I have no trace of the logged user
>>>
>>>
>>> Here are my configurations:
>>>
>>> In context:
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>>            appName="custom-login"
>>>            userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>
>>> roleClassNames="org.apache.openejb.core.security.AbstractSecurityServ
>>> i
>>> ce$Group"/>
>>>
>>>
>>> login.config (in TomEE conf folder):
>>> custom-login {
>>>    custom.login.module.package.Module required; };
>>>
>>>
>>> The custom.login.module.package.Module by spec implements
>>> LoginModule, and the principals I set on commit() operation are
>>>
>>> -          org.apache.openejb.core.security.AbstractSecurityService$User
>>>
>>> -          org.apache.openejb.core.security.AbstractSecurityService$Group
>>>
>>>
>>> Referenced by:
>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>
>>>
>>> Am I missing something? Any advice?
>>>
>>>
>>> Piercarlo Alberto Beghetto
>>> Developer @ Diennea - MagNews
>>> Tel.: (+39) 0546 066100 - Int. 967
>>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>>
>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it>
>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews>
    [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg]
<http://twitter.com/DienneaMagNews>      [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg]
<http://www.facebook.com/pages/MagNews/197617841797>      [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png]
<http://www.magnews.it/it/iscriviti-alla-newsletter>
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital
>>> ed email marketing! http://www.magnews.it/newsletter/
>>
>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed
>> email marketing! http://www.magnews.it/newsletter/
>
> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email marketing!
http://www.magnews.it/newsletter/

Mime
View raw message