0
votes

Is it possible to make a web application which uses JAAS authenticate via Tomcat's default authentication method?

To illustrate: Tomcat uses the tomcat_users.xml for authentication. The web application has defined its own method in jaas.cfg. How do we configure the jaas.cfg in such a way that it uses Tomcat's method, so that when the configuration in Tomcat changes the application's authentication method switches as well?

Current config looks like this:

BonitaAuth {
  org.ow2.bonita.identity.auth.BonitaIdentityLoginModule required;
};

BonitaStore {
  org.ow2.bonita.identity.auth.LocalStorageLoginModule required;
};

BonitaAuth-default {
  org.ow2.bonita.identity.auth.BonitaIdentityLoginModule required domain="default";
  org.ow2.bonita.identity.auth.LocalStorageLoginModule required domain="default";
};

BonitaStore-default {
  org.ow2.bonita.identity.auth.LocalStorageLoginModule required domain="default";
};

/**
 * Used by the REST server
 */
BonitaRESTServer {
  org.ow2.bonita.identity.auth.BonitaRESTServerLoginModule required logins="restuser" passwords="restbpm" roles="restuser";
};

1
Did you see the answer below? Was it helpful? - Michael

1 Answer

0
votes

The Tomcat user repository is defined by Tomcat Realms. The tomcat_users.xml file is used by MemoryRealm. To use your JAAS configuration (jaas.cfg), configure JAASRealm: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm

It is possible to use Java EE authentication and implement your own realm. You have 3 options:

  1. Implement Tomcat Realm interface http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/Realm.html
  2. Extend RealmBase http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/RealmBase.html
  3. Extend JAASRealm http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/JAASRealm.html

Configure your own realm in server.xml:

<Realm className="org.myrealm"/>

Tomcat will call your authenticate method http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/RealmBase.html#authenticate%28java.lang.String,%20java.lang.String%29

In the method you can call your JAAS authentication.
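
A sketch of option 2 from the answer above, added here as an example (it is not code from the answer or from Bonita): a realm extending RealmBase whose authenticate method runs a JAAS entry from jaas.cfg. The package and class name are hypothetical. It assumes the login modules ask for the user name and password through the standard NameCallback and PasswordCallback, and that the principals they attach to the Subject can be used as role names.

```java
package org.example.realm; // hypothetical package name

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class JaasDelegatingRealm extends RealmBase {

    // Name of the jaas.cfg entry to run; settable as a <Realm> attribute.
    private String appName = "BonitaAuth";

    public void setAppName(String appName) { this.appName = appName; }

    @Override
    public Principal authenticate(final String username, final String credentials) {
        if (username == null || credentials == null) {
            return null; // reject incomplete logins before touching JAAS
        }
        // Hands the submitted credentials to whichever login modules ask for them.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(credentials.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        try {
            LoginContext context = new LoginContext(appName, handler);
            context.login(); // throws LoginException when a required module fails
            // Assumption: every principal name on the Subject is treated as a role.
            List<String> roles = new ArrayList<String>();
            for (Principal p : context.getSubject().getPrincipals()) {
                roles.add(p.getName());
            }
            // The password is not kept on the authenticated principal.
            return new GenericPrincipal(username, null, roles);
        } catch (LoginException e) {
            return null; // fail closed: any JAAS failure means "not authenticated"
        }
    }

    @Override protected String getName() { return "JaasDelegatingRealm"; }
    @Override protected String getPassword(String username) { return null; }
    @Override protected Principal getPrincipal(String username) { return null; }
}
```

The realm class and the login modules it runs have to be visible to Tomcat's own class loader (for example as a jar in CATALINA_HOME/lib), and the JVM has to be pointed at jaas.cfg through the java.security.auth.login.config system property. The entry can then be chosen in server.xml with className="org.example.realm.JaasDelegatingRealm" and appName="BonitaAuth" on the Realm element.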