Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0-a1
    • Fix Version/s: 2.0-a1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      WindowsXP, J2SE 1.4.2_03, Hsqldb, Oracle 9.2.0.1, Tomcat 4.1.29, Tomcat 5.0.24

      Description

      I've succeeded in enabling the JAAS Authentication for J2 with the RdbmsLoginModule on Tomcat 4 (4.1.29 tested).
      I will attach the patch file for this.

      I only needed to fix one thing in the SecurityProviderImpl, define the JAASRealm in Jetspeed.xml and correct the realm reference in Jetspeed web.xml, and it worked!

      I added a few user principals and their credentials to the default userinfo seeding sql script (both default and oracle scripts):
      admin/admin
      manager/manager
      user/user
      tomcat/tomcat
      jetspeed/jetspeed

      I also added three role principals: admin, manager, user.
      To the first three users I attached these roles:
      admin: admin, manager, user
      manager: manager, user
      user: user

      These user/role definitions are the same as I described for testing the RoleSecurityTest portlet (see the help page of that portlet).

      On Tomcat 4, we can now login using the RdbmsLoginModule and properly use the security object model.

      So far the good news.

      Now the bad and the ugly: it doesn't work on Tomcat 5!

      It turns out Tomcat 5 uses its own classloader to load JAAS login modules and thus fails to find the RdbmsLoginModule.
      That's really bad because the security component jar cannot simply be put into the Tomcat common/lib or server/lib folder because it depends on other J2 classes also.
      So we need another solution for Tomcat 5.

      For the time being I prefer getting it working on Tomcat 4 and then finding a solution which works on both 4 and 5.

      One note for MySql users: I've modified both the default and the oracle version of populate-userinfo-for-default-psml.sql. I have the feeling the default won't work with MySql. Someone running MySql might have to look into this.

      Regards,

      Ate

        Activity

        Scott T Weaver added a comment -

        Patch applied to HEAD. We can create a new issue for the Tomcat 5 issues later on.

        Regards,
        Scott

        Ate Douma added a comment -

        Multi-file patch to enable JAAS Authentication working on Tomcat 4


          People

          • Assignee:
            Unassigned
            Reporter:
            Ate Douma
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved:
