The Jakarta Project The Jakarta Slide Project

Main

User's Guide

Administrator's Guide

Programmer's Corner

Configuring the JAAS LoginModule for Slide 2.1

Caution: This configuration applies to Slide 2.x, x>0 only as the JAAS LoginModule is not part of the Slide 2.0 release

For general info on JAAS see the JAAS Authentication Tutorial and the reference guide.

Sources can be found in the CVS in the proposals section. There is no build target, yet.

Tomcat

Tomcat provides a JAASRealm for this. So the first step is to configure the webapp context to use it. Realms can be defined at any container level (i.e. nested inside Engine, Host and Context). So find an appropriate spot for your application and drop in the following configuration:

	
  <Realm className="org.apache.catalina.realm.JAASRealm"
         appName="slide_login" 
         userClassNames="org.apache.slide.jaas.spi.SlidePrincipal" 
         roleClassNames="org.apache.slide.jaas.spi.SlideRole" 
         debug="99"
  />

JAAS configures itself using a configuration provider. The default jaas configuration provider attempts to locate its configuration file by looking at - among other things - the java.security.auth.login.config system property. In Tomcat you can pass this information by setting the CATALINA_OPTS environment variable:

export
CATALINA_OPTS=-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas
.config

The jaas.config file lists one or more login module configurations. In order to use SlideLoginModule the following configuration should suffice:

// sample login config file for the Jetty SlideLoginModule
slide_login {
org.apache.slide.jaas.spi.SlideLoginModule required
namespace=slide;
};

Place it in $CATALINA_HOME/conf/jaas.config or wherever you said it would be in the previous step.

Notice that this login module is named 'slide_login', this is the name that must be referenced by the appName attribute in the JAASRealm configuration above. The namespace property names the namespace the LoginModule will load users from. If not present the default namespace will be used as defined in slide's domain configuration file.

Last step is - if you hadn't done it already - to configure security-constraints in web.xml of you application.

That should be it. Note that there is no need to go juggling about with putting jars in different places where catalina system classloaders can find it. (I remember having to move around a lot of jars when configuring the SlideRealm before.) Just dropping the slide.war and configuring the Realm appears to be enough.

You can find more information about JAASRealm in the Realm documentation page for Tomcat 5.

Jetty

Jetty provides JAAS support via its optional "Jetty plus" package. Actually, the only thing you will need from that is the org.mortbay.jaas.jar which you can find in extra/lib directory of the current Jetty distribution. And off course a jaas.jar if you are running within a pre jre 1.4 environment.

To configure Jetty to use the JAASUserRealm it provides JAAS integration through you should nest the following configuration snipped inside the addWebApplication Call of your jetty configuration file:

	
    <!-- the JAAS realm -->
    <Set name="Realm">
      <New class="org.mortbay.jaas.JAASUserRealm">
        <Set name="Name">Slide JAAS Realm</Set>
        <Set name="LoginModuleName">slide</Set>
        <!-- change the below settings if you have custom
implementations
        <Set name="RoleCheckPolicy">
          <New class="org.mortbay.jaas.StrictRoleCheckPolicy"/>
        </Set>
        <Set name="CallbackHandler">
          <New
class="org.mortbay.jaas.callback.DefaultCallbackHandler"/>
        </Set>
        -->
      </New>
    </Set>

Again, make sure the you define where JAAS can find the login configuration file:

-Djava.security.auth.login.config=whereever/jetty/conf/login.config

More information about configuring Jetty with JAAS can be found at the Jetty plus documentation page.


Copyright © 1999-2004, Apache Software Foundation