realm

Tomcat: setup realm for authentication to use Windows users

I'd like to set up Tomcat on Windows and have authentication in my web application be done against the Windows users (or a subset of those users). I read that if you have users set up on Active Directory, you can use the JNDI realm. What if you don't have Active Directory, but just have "simple Windows users" set up on the server? Is it po...

Java Web Application: Using a custom realm

Hello, I'm writing a Java web application which needs to perform login through a webservice. Of course, none of the realms supplied with the application server I'm using (glassfish v2) can do the trick. I therefore had to write my own. It seems however, that the realm implementation that I wrote is completely tied to glassfish and cannot...

Tomcat: Implementing java.security.Principal

I am trying to create a custom realm in Tomcat. My problem is that there is a SessionAttributeListener as part of the framework which checks to see if any object added to the session is serializable, and if it isn't it causes problems... like invalidating the session. Because org.apache.catalina.realm.GenericPrincipal is not serializab...

How to setup Tomcat web.xml and context.xml for 2 different (user and admin) authentication

Here's my situation: I want stuff under mysite/customer/* to require form-based authentication before access (login via mysite/customer/login.jsp, with its own user_password table and role.) BUT I want stuff under mysite/admin/* to require another form-based authentication before access (login via mysite/admin/login.jsp, with ano...

How to log out user from web site using FORM authentication?

I am using FORM authentication, together with Realm. I would like to know how can I log out. The only solution so far is to close browser, but that's not acceptable from the usability standpoint. SOLUTION As pointed by the accepted answer ((HttpServletRequest) request).getSession().invalidate(); ...

How to check if FORM Realm authentication failed?

I use FORM Authentication. <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/loginPage.jsp</form-login-page> <form-error-page>/loginPage.jsp</form-error-page> </form-login-config> </login-config> I would like to use the same JSP for my form-login-page and form-error...

Implement a Tomcat Realm with LDAP authentication and JDBC authorization

I'm working in a legacy environment where an LDAP server is used only for authentication and contains no roles, and authorization is done against a database which contains the user-role mapping, but no passwords. My plan is to implement a new Tomcat Realm by extending JNDIRealm, and overriding the role methods to call an encapsulated JD...

Tomcat 6.0 manager authentication via JDBC realm

I wanted to configure Tomcat6.0 authentication via JDBC realm Configuration. I checked the following: -All my "users" and "roles" are stored in MySQL database. -MySQL JDBC drivers are in tomcat\lib directory -Tomcat-user-xml is modified for such realm as below <-Realm className="org.apache.catalina.realm.JDBCRealm" driverName...

Legacy application with JDBC and JNDI REALM authentication

Hello All, My application currently relies on JDBC realm authentication. Recent needs have forced us to think about having LDAP authentication as well. We are thinking about using Active Directory for both authentication as well as authorization (roles). As a standalone test, I was able to authenticate my application with AD. But here i...

Glassfish authentication : can the realm be an external database

Hello I am completely new to login and authentication concepts. I am working on a Glassfish web application that should present general content to any visitor, and some extra content for registered users logged in with username and password. I have been reading the Java EE tutorial about security, and I thought that the Form-based or H...

Howto configure a JDBC realm for container managed security with tomcat?

Hi, I want to configure tomcat / my web application to use a JDBC realm for container managed security. I specified the realm inside tomcat's server.xml file like this: <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="net.sourceforge.jtds.jdbc.Driver" connectionURL="jdbc:jtds:sqlserver://hostname:1433/intranet;user=sa...

redirect the user once logged in to the requested page

Hi, I have a form realm authentication with which I am securing a directory "secureUser". Well, my question is: - How can I redirect the user once logged in to the requested page? The details: - now I can log on a user using this (login.jsp) <form action="j_security_check" method="POST" id="login_from"> <p> <input ty...

Tomcat 6 customized Realm

Hi, I'm trying to write my own Realm to authenticate my users. I have written a class extending org.apache.catalina.realm.RealmBase, compiled to a .jar file and put it in the /lib library. Then I added this to server.xml: <Realm className="wstest.tomcat.security.MyRealm" resourceName="myrealm"/> Tomcat doesn't seem to "se...

How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="user...

Tomcat 6 Realm Config with Windows AD

We have Tomcat 6 connecting to a Win2k3 Server running AD. The realm is configured as such <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow" connectionURL="<url>" connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" connectionPassword="<pwd>" userBase="OU=Users,DC=com...

Custom realm/starting Tomcat 6.0 from Netbeans 6.8/first HTTP request

I'm using NetBeans 6.8 and Tomcat 6.0.xx. I've created a custom realm and updated the NetBeans project build.xml to deploy the realm to Tomcat. When I debug the project, NetBeans starts the Tomcat server and makes an initial HTTP GET request for 'manager/list'. Tomcat graciously hands this request off to my custom realm for authentica...

Accessing secure restful web services using jersey client

I have created web services based on Jersey (auto generated via Netbeans). I have also created a user named “testClient” with password “secret” and created User group “Users” and used file Realm using glassfish 3.0.1 admin console. I have also mapped web.xml and sun-web.xml accordingly. My web services are secured successfully; as I a...

com.ibm.websphere.security.WSSecurityException: the realms do not match

I'm getting this exception when trying to access a JAX-WS webservice running on the same WAS 7.0 server as the client. Caused by: javax.xml.ws.WebServiceException: java.io.IOException: Unable to deserialize the Subjects in this Context, cause: the realms do not match I have a realm set up for user authentication and this call works fi...

Java Application with Multiple JAAS Security Realms

Hi, I was wondering if it was possible to have a Java EE application with multiple JAAS security realms. I'm currently developing an application in which some users need to be authenticated with data stored in a database, while other users need to be authenticated through an LDAP bind. So I created 2 security realms in glassfish 3.1...

Two realms in same application with Spring Security?

We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is done over OpenID with Spring Security. That works fine. However, the application also comes with an admin UI that is deployed at <host>/<context...