2012/8/24 Enrico Olivelli <eolive...@gmail.com>: > Hi, > I was trying to use JAASRealm and I noticed that it is possibile to bundle > my LoginModule with the webapp (useContextClassLoader) but it is not > possibile to bundle a login.properties files > > // this constructor uses default JVM JAAS Configuration > // from JAASRealm.java > loginContext = new LoginContext(appName, callbackHandler); > > // the constructor I would like to be used > URI = URI that gets a .properties file thru the classloader of my app > ConfigFile file = new ConfigFile(URI); > loginContext = new LoginContext(appName, callbackHandler,...,ConfigFile); > > can you add a configuration property for that realm in order to configure a > JAAS ConfigFile ? > in this way I can bundle my login.properties file inside the app or in some > JAR to be distributed >
OK. I do not have plans to implement this by myself, but I like the idea. You can file an enhancement request in Bugzilla. If you prepare a patch, you can attach it there. Several notes: 1). The order of parameters in LoginContext constructor that you are proposing to use is different from what you wrote above and is new LoginContext(appName, subject, callbackHandler, configuration); With subject=null and configuration=null it falls back to current behaviour of new LoginContext(appName, callbackHandler); 2). ConfigFile belongs to "com.sun.security.auth.login" package which is not part of the public API. As thus, it cannot be used in Tomcat as compile-time dependency. It can be created only via reflection. 3) ConfigFile is just one possible implementation of Configuration. Someone may use others. 4) You should not create a new instance of configuration on each call to authenticate(), because I expect that to be slow. It should be created only once. 5). It would be nice if you could provide sample web application that demonstrates the feature. It would be even better to provide a testcase, but I think a testcase might be harder to implement. 6). It would be nice if a patch included update for documentation. The documentation for JAASRealm is in webapps/docs/config/realm.xml and webapps/docs/realm-howto.xml As a quick fix / proof of concept the following is possible: 1. I think you can subclass JAASRealm and replace its authenticate() method by your own. 2. Creation of LoginContext instance could be extracted into a factory method in Tomcat's JAASRealm. That way you (in a subclass) could use whatever you want to configure a new LoginContext instance. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
