JAAS Tomcat PB..

I try to integrate JAAS with Tomcat 5.028 and JSF

I read a lot of FAQs BUT i have a pb for authorization.

My web.xml seems OK

The Login module seems OK

I always have a HTTP 403 error for bad authorization.

I launch Tomcat with 2 JVM options:

-Djava.security.auth.policy=<path to tomcat.policy>

-Djava.security.auth.login.config=<path to auth.conf>

My question are:

Is the .policy file mandatory and how to fill it ?

How to specify URLs in the file... No URLPermission class available...

How does my policy file be modified ?

grant codebase"file://C:/Program Files/Apache Software Foundation/Tomcat 5.0/webapps/realms/index.jspx" Principal * *{

permission java.io.FilePermission"/admin/admin.jspx","read";

};

Can you help me ?

[966 byte] By [fvisticota] at [2007-10-2 18:54:29]

«« How to convert console application to jar file
»» zooming an image

# 1

You might take a look at http://www.petrovic.org/blog/?p=134hthMark

msp1960ADa at 2007-7-13 20:32:19 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

# 2

Hi,you should look towards jGuard ( http://www.jguard.net) which enable easy JAAS integration into J2EE webapps on your application server (including tomcat).it provides also taglibs, URLPermission and many others things.cheers,Charles(jGuard team).

diabolo512a at 2007-7-13 20:32:19 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

JAAS Tomcat PB..

Security New Topic

Security Hot Topic

Security

All Classified