Title: JAAS and TomEE

# Purpose

You want to use JAAS in TomEE with custom (or OpenEJB) LoginModules.

# Solution

TomEE tries to keep as possible as it is Tomcat so simply
configure your JAAS LoginModule as in Tomcat.

Note: only the first one will be used.

# Configuration

Add to your `CATALINA_OPTS` the `java.security.auth.login.config` system property:

    -Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config

Configure your realm in server.xml file

    <?xml version='1.0' encoding='utf-8'?>
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.tomee.loader.OpenEJBListener" />
      <Listener className="org.apache.catalina.security.SecurityListener" />
    
      <Service name="Catalina">
        <Connector port="8080" protocol="HTTP/1.1" 
                   connectionTimeout="20000" 
                   redirectPort="8443" />
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
        <Engine name="Catalina" defaultHost="localhost">
          <!-- here is the magic -->
          <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLogin"
                 userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
                 roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
          </Realm>
    
          <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true" />
        </Engine>
      </Service>
    </Server>

Configure your `login.config` file

    PropertiesLogin {
        org.apache.openejb.core.security.jaas.PropertiesLoginModule required
        Debug=false
        UsersFile="users.properties"
        GroupsFile="groups.properties";
    };


Configure your login module specifically (`users.properties` for snippets of this page for instance).

Place `users.properties` and `groups.properties` files in `$CATALINA_BASE/conf/` folder.
`users.properties` file contains user name and associated password entries, ex.:

    me=password
    tomee=tomee

`groups.properties` file specifies groups and their users, ex.:

    my-role=me
    manager-gui=tomee,me
    tomee-admin=tomee

**NOTE**: `users.properties` and `groups.properties` file names and file location are fixed. If other names are used, the files must be placed in `%CATALINA_BASE/lib/` folder instead.