NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator's Guide

Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator’s Guide 544548-004
JAASRealm
JAASRealm is a user realm implementation in NSJSP 6.0 that authenticates users for
a web application (or applications) through the Java Authentication and Authorization
Service (JAAS) framework.
Based on the JAAS framework, the JAASRealm allows pluggable authentication
mechanisms whose implementations are container-independent. You could use the
JAAS login module and principal to develop your own security mechanism or to wrap
other third-party mechanisms to support the web application-specific security
constraints. To set up NSJSP to use JAASRealm:
1. Prepare your own LoginModule, User, and Role classes to be managed by
   JAAS LoginContext (see the JAAS Login Module Developer's Guide) or you
   may use the NSJSP-provided NonStopLoginModule,
   NonStopUserPrincipal, and NonStopRolePrincipal.
2. Add the classes to the NSJSP container if you have prepared your own classes for
   the LoginModule.
3. Create a login configuration file (refer to JAAS LoginConfig file), and specify its
   location in the Arglist of the NSJSP (in the servlet.config). Add
   -Djava.security.auth.login.config==$NSJSP_HOME/conf/iTP_jaas.config.
   Note that the double equal sign (==) specifies that only this file should be
   used. NSJSP 6.0 uses NonStop LoginModule to create a login configuration file
   iTP_jaas.config as shown below:
/**
*
* File : iTP_jaas.config
*
* Product Name : NonStop(tm) Servlets For Java Server Pages(tm)
*
* Product Version : T1222 v6.0
*
* Description : The configuration file to authenticate NonStop Users
* via the JAAS NonStopLoginModule code. The User Name
* can be passed in 4 different ways to the JAAS
* NonStopLoginModule for user authentication via:
* NonStop User Name E.g. SUPER.SUPER
* NonStop Group,User E.g. 255,255
* NonStop User ID E.g. 65535
* Safeguard Alias E.g. root

Example 3-15. Realm element for the OpenLDAP directory server
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="cn=Manager,dc=hp,dc=com"
       connectionPassword="secret"
       connectionURL="ldap://nonstop.hp.com:1025"
       roleBase="dc=roles,dc=hp,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="false"
       userPassword="userPassword"
       userPattern="cn={0},dc=hp,dc=com"/>