Hi:
I am trying to implement authentication and authorization using JAASRealm.
(I am following the instructions provided at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html).
I have the following issue:
I have created a class extending Principal for the role. I am setting the
right name of the role (which I fetch from the DB) and adding the class to Subject.
I have also made entries in server.xml as follows (I set debug to 0 hoping
for more debug info):
    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="TMSLogin"
           userClassNames="tms.core.authentication.TMSPrincipal"
           roleClassNames="tms.core.authentication.TMSRoles"
           debug="0"/>
My entry in web.xml is the following:
    <security-constraint>
        <display-name>AdminConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>TMSAdmin</web-resource-name>
            <description>Only for administrators</description>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>ADMIN</description>
        <role-name>ADMIN</role-name>
    </security-role>
The getName() of the TMSRoles instance returns "ADMIN", which should allow
the URL /admin/*.
However, I am still getting HTTP 403.
Please help.
Thanks
Shahab
--
Sent from the Struts - User mailing list archive at Nabble.com.