jaas

I'm running Tomcat 6.0.29 and created a realm and loginmodule of my own. They are defined in server.xml like so: <Realm className="mycompany.tomcat.MyRepositoryRealm" appName="My_Realm" userClassNames="mycompany.tomcat.IdentityPrincipal" roleClassNames="mycompany.tomcat.RolePrincipal" useContextClassLoader="true"/> I have added the library containing these classes to my tomcat/lib folder. Other than that, I have not changed Tomcat from it's default configuration. When I go to fire up the Tomcat manager application at http://localhost:9080/manager/html , I can't log in and the tomcat log shows

Hey all, I'm using Tomcat 6.0.14 and would like to know to implement a system that would allow us to send users a link say mysite.com?token=12345678912334333(long string continued) but that would allow the user to be logged in automatically. kaliatech Unless you have other reasons specific to Tomcat, or you are unable to modify your web application, then it might be easiest to use a custom filter to do the authentication (JAAS or otherwise). For example: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html http://securityfilter.sourceforge.net/ With a custom filter, you could

Here is scenario : I have some web services (JAX-WS) that need to be secured. Currently for authentication needs I providing addition SecurityWService that give authorized user some userid & sessionid that is need to be described in request to other services. It would be more better to use some java security. We have many of them but could not defined what is better to use. Q1 : It is understand that I should use SSL in transport layer, but what should I use for user authorization. Is there is better way to establishing session, validating user etc. ? Here is some key description : Most web

i have some questions on using keytab for Authentication hope the kind people here can enlightend me Say, i have userA who is going to use a service running at port 1010. First, userA will login to Active Directory to authenticate himself. After login, userA will try to connect to the server to use its service 1010. In order for the server to verify that UserA is who he is, I need to use setspn to register SPN at the Active Directory. eg setspn -s service1010/mydomain.com serviceaccount1 Then need to generate ktab file at Active directory, eg ktab -a serviceprincal1010/server.domain.com@DOMAIN

I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new LoginContext( "myAuth", new LoginCallbackHandler( username, password ) ); auth.login(); The file auth.conf contains the following lines: myAuth { org.jboss.security.ClientLoginModule required; }; Now, somewhere else in the code (the LoginContext auth isn't known there) I have an EJB that does a initialContext.lookup( jndiName ) and a narrow() to access a Bean on the JBoss application server. This

I'm trying to map user groups using ibm-application-bnd.xml. Put it into META-INF folder. On try to access secure page get next message: [08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A SECJ0129E: ... GET в null:/loginmodule/date/, Authorization failed, Not granted any of the required roles: user-role When I try configure it with ibm console it works. All configuration WAS writes into ibm-application-bnd.xmi instead of ibm-application-bnd.xml. What do I wrong? Using Websphere AS 8.5.5 with Java 1.6 ibm-application-bnd.xml: <?xml version="1.0" encoding="UTF-8"?> <application-bnd xmlns:xsi=

I've recently updated Glassfish from 3.1.2 to 4.0 and wanted to set up a JDBCRealm that I used before on my app which uses FORM based authentication. The passwords are hashed with SHA-256 in the database (that is the default Digest Algorithm option). The realm has a property that became mandatory in this Glassfish version: Password Encryption Algorithm. Quite incredibly, the official Glassfish documentation says it's optional, and the note under the input field says it is a risk to leave it empty, however you cannot leave it empty as it is mandatory. I cannot log in in my app that was working

I'd like to know how to combine these two authentication steps : check the user/password in an LDAP add principals (roles) found in a DB to the subject. The LDAP user repository have no idea about application-specific roles and I don't want to manage the passwords in the application DB. So I need both. JAAS configuration file allows to have additional LoginModules : <name used by application to refer to this entry> { <LoginModule> <flag> <LoginModule options>; <optional additional LoginModules, flags and options>; }; but I can't find example that explains how I works. Is it the good method ?