on 06-21-2005 11:45 PM
Does anyone know how JAAS is implemented inside the server? I'm curious about the entry point for JAAS configuration.
I have been attempting to deploy a Web app that uses JAAS. The app calls JAAS config in the normal (Sun) way, but the config information is not getting to the JAAS code.
I wonder if NetWeaver's implementation is proprietary or unusual in some way.
Please respond with relevant experiences, theories, or opinions. The ultimate goal is to offer single signon (for JAAS and UME) for deployed apps and portlets. I welcome thoughts on that as well.
James Walkup
MomentumSI Inc.
Austin, Texas, USA
Hi,
when you set up the LoginModule in the VisualAdministrator you can specify additional properties under options which are key-value pairs.
I guess that's what you are looking for.
Regards, Astrid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I am new to SAP.
I am trying to use com.sun.security.auth.module.Krb5LoginModule as the LgoinModule in my application, but cannot find the way to set JAAS configure information for my application. I search the forum many times using different keywords, but still cannot find a way to set it. I've already used the VisualAdministrator to add the Krb5LoginModule in to the system. The only thing I am sure now is that java.security.auth.login.config property doesn't work in SAP.
Here is my test jsp code:
LoginContext lc = null;
try {
lc = new LoginContext("com.businessobjects.security.jgss.initiate", handler);
}
catch (Exception le) {
out.println("Cannot create LoginContext. " + le.getMessage() );
}
Here is the content of the JAAS configure file:
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required;
};
BTW, on Tomcat, Weblogic and Websphere, I set the configure file through java.security.auth.login.config. (e.g. -Djava.security.auth.login.config=c:/jass.conf)
On Oracle, I add the info into jazn-data.xml like follows, (because Oracle ignores java.security.auth.login.config too):
<application>
<name>com.businessobjects.security.jgss.initiate</name>
<login-modules>
<login-module>
<class>com.sun.security.auth.module.Krb5LoginModule</class>
<control-flag>required</control-flag>
</login-module>
</login-modules>
</application>
So, SAP is the only Java Application Server that I cannot get it to work with my application.
Any comments and ideas are welcome.
Thanks in advance!
Regards,
Mi
It seems to ignore configuration files.
I suposse the name of the application that you are trying to make work isn't com.businessobjects.security.jgss.initiate.
Try to add the login module to your application component in the security provider service, not the name of the application you have in the config file, the name of the real application you are deploying (which appears too in the left list of components). This at least supossed a little difference to me.
I'm trying to make a little application works. It has two parts: a little client and a server part which runs on a jboss server, and comunicates between them using JAAS + SSL.
It's a compiled application, so I cannot debug it, only the jdk classes it calls. It uses an "auth.conf" file. The client is a little class that works perfectly alone if I run it in a java project, without the messing sap JAAS implementation.
I followed all the steps in:
https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF
and managed to apply the configuration into the security service of WAS, using <b>jboss-client.jar</b> as the library with the login module, and <b>org.jboss.security.ClientLoginModule</b> as the login module.
I'm trying to include the client class into a web service developed for my WAS, packing the class and its library with my ear.
But when it tries to do the authentication, sometimes it uses:
<b>org.jboss.security.ClientLoginModule</b> (that's the correct class) but throws a "<b>User is locked</b>" exception.
Have I need to create the user who I use to connect to jboss in my WAS UME ? This has no much sense. Anyway doesn't work either, and the user is not locked.
Other times (withouth changing anything) it uses:
<b>com.sap.engine.system.SystemLoginModule</b> and throws this exception:
<b>com.sap.engine.services.security.exceptions.BaseLoginException</b>: Call logout before login
I'm desperate. I'm having nightmares trying to integrate things which works in every application server in WAS. Why couldn't they simply follow the standard!?!?
I'm thinking in installing a tomcat with the client, and use axis to wrap it with a proxy I can consume from my WAS. But I think this is an horrible solution.
Any idea? I can't go forward.
Hi,
have you seen <a href="http://help.sap.com/saphelp_nw04/helpdata/en/7a/2b3fb980dca742af1949d2d9f896b9/frameset.htm">this</a> piece of documentation? This is good starting point to JAAS on Web AS Java.
Regards,
Ivo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
These resources discuss Custom Login modules, etc.
https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF
pp. 8-13 apply to JAAS
https://media.sdn.sap.com/public/eclasses/teched04/SCUR352_files/fdeflt.htm
Just now, I'm curious about how to modify Web AS's internal JAAS configuration info. Passing in config info as Java system properties (java.security.auth.login.config) apparently does not affect the server.
Does anyone know if it's possible to pass JAAS config info for a specific application -- or to modify the server's repository (props file or DB or ??)?
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.