Hi Erveryone.
I have a problem using the glassfish security manager with JAAS.
What I want to do is writing an form-based login and then a rolebased access
to the webressources.
I wrote a Servlet, which takes a username and a password from a webpage and
passes them to a logincontext.
I wrote a loginmodule for JAAS and I wrote a cusomreaml for the glassfish,
just like the example of the glassfish-page (HYPERLINK
"
http://developers.sun.com/appserver/reference/techart/as8_authentication/in
dex.html"
http://developers.sun.com/appserver/reference/techart/as8_authentic
ation/index.html)
Im using the a glassfish 9.x and so I took this part of the page.
Everything works fine. I got an instance of the class subject and within
this instance some principals (in the case the login was successful)
Now I tried to secure some JSPs with the deployment descriptors, using the
well described Xml-Tags.
But when I request the secured JSP, i cant, because, the security-manager
denied. It seemed, that my Instance of the subject isn’t known by the
applicationserver. But there is no way decribed in the documents I read, how
to tell the applicationserver of my JAAS-subject. I tried to pass it to a
HTTPSession within the login-servlet, but it don’t works. Within my secured
JSP, I don’t receive the role, my subject is the owner from. (I think,
because there is no subject anymore – there must be a way, to pass the
subject to the Applicationserver, but otherwise I thought, that’s what the
Glassfishrealm does)
Another Problem is, that I don’t se, how to make a logout, because I loose
my logincontext, when switching to another Page.
Perhaps somebody is kind enough to help me. I’m almost going crazy.
Greetings from Germany, Per Violet
--
Internal Virus Database is out-of-date.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.10.2/890 - Release Date: 07.07.2007
15:26