Title: JAAS and TomEE
# Purpose
You want to use JAAS in TomEE with custom (or OpenEJB) LoginModules.
# Solution
TomEE tries to stay as close to Tomcat as possible, so simply
configure your JAAS LoginModule as you would in Tomcat.
Note: only the first one will be used.
# Configuration
Add to your `CATALINA_OPTS` the `java.security.auth.login.config` system property:

    -Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config

Configure your realm in the `server.xml` file:

    <?xml version='1.0' encoding='utf-8'?>
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.tomee.loader.OpenEJBListener" />
      <Listener className="org.apache.catalina.security.SecurityListener" />
      <Service name="Catalina">
        <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
        <Engine name="Catalina" defaultHost="localhost">
          <!-- here is the magic -->
          <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLogin"
                 userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
                 roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
          </Realm>
          <Host name="localhost" appBase="webapps"
                unpackWARs="true" autoDeploy="true" />
        </Engine>
      </Service>
    </Server>

Configure your `login.config` file:

    PropertiesLogin {
        org.apache.openejb.core.security.jaas.PropertiesLoginModule required
        Debug=false
        UsersFile="users.properties"
        GroupsFile="groups.properties";
    };

Then configure whatever your login module itself needs (for the snippets on this page, for instance, `users.properties`).
Place the `users.properties` and `groups.properties` files in the `$CATALINA_BASE/conf/` folder.

The `users.properties` file contains user name and associated password entries, e.g.:

    me=password
    tomee=tomee

The `groups.properties` file specifies groups and their users, e.g.:

    my-role=me
    manager-gui=tomee,me
    tomee-admin=tomee

**NOTE**: The `users.properties` and `groups.properties` file names and file location are fixed. If other names are used, the files must be placed in the `$CATALINA_BASE/lib/` folder instead.
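
Because `users.properties` holds passwords in clear text and `groups.properties` decides who gets which role, it is worth auditing the pair before deployment. The script below is an added example, not part of TomEE or of the original page. It assumes plain `key=value` lines as shown above; the function names, the choice of `manager-gui` and `tomee-admin` as privileged groups, and the extra `ops=alice` sample line are assumptions made for illustration.

```python
import os
import stat


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries


def audit(users_text, groups_text, privileged=("manager-gui", "tomee-admin")):
    """Return a sorted list of findings for a users/groups file pair."""
    users = parse_properties(users_text)
    groups = {g: [m.strip() for m in v.split(",") if m.strip()]
              for g, v in parse_properties(groups_text).items()}
    findings = []
    for user, password in users.items():
        if not password:
            findings.append(f"{user}: empty password")
        elif password.lower() == user.lower():
            findings.append(f"{user}: password equals user name")
        if not any(user in members for members in groups.values()):
            findings.append(f"{user}: belongs to no group")
    for group, members in groups.items():
        for member in members:
            if member not in users:
                findings.append(f"{group}: member '{member}' has no users.properties entry")
            elif group in privileged and users[member].lower() == member.lower():
                findings.append(f"{group}: privileged member '{member}' has a trivial password")
    return sorted(findings)


def readable_by_others(path):
    """True when group or other can read the file (it stores clear-text passwords)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


# Constructed sample input: the page's snippets plus one dangling member (ops=alice).
SAMPLE_USERS = "me=password\ntomee=tomee\n"
SAMPLE_GROUPS = "my-role=me\nmanager-gui=tomee,me\ntomee-admin=tomee\nops=alice\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_GROUPS):
        print(finding)
```

Run `readable_by_others` against the real files in `$CATALINA_BASE/conf/` as the account that runs TomEE; a `True` result means other local accounts can read the passwords.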