NonStop Servlets for JavaServer Pages (5.0) System Administrator's Guide

Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide 525644-002
JAASRealm
JAASRealm is a user realm implementation of NSJSP that authenticates users for a
web application (or applications) through the Java Authentication and Authorization
Service (JAAS) framework. The JAAS package is fully integrated in J2SE version
1.4 and is available in NSJ 4.0 or later releases.
Based on the JAAS framework, the JAASRealm allows pluggable authentication
mechanisms whose implementations are totally container-independent. You can use
the JAAS login module and principal to develop your own security mechanism or to
wrap other third-party mechanisms to support the web applications' security
constraints.
To set up NSJSP to use JAASRealm:
1. Prepare your own LoginModule, User, and Role classes to be managed by JAAS
LoginContext (see the JAAS Login Module Developer's Guide), or use the
NSJSP-provided NonStopLoginModule, NonStopUserPrincipal, and
NonStopRolePrincipal.
2. Add the classes to the NSJSP container.
3. Create a login configuration file (refer to JAAS LoginConfig file), and specify its
location in the Arglist of the NSJSP (in the servlet.config) by adding:
-Djava.security.auth.login.config==$NSJSP_HOME/conf/iTP_jaas.config
Note that the double equal sign (==) specifies that only this file should be
used. Below is the NSJSP-provided login configuration file using the NonStop
LoginModule (iTP_jaas.config):
/**
*
* File : iTP_jaas.config
*
* Product Name : NonStop(tm) Servlets For Java Server Pages(tm)
*
* Product Version : T1222 v5.0
*
* Description : The configuration file to authenticate NonStop Users
* via the JAAS NonStopLoginModule code. The User Name
* can be passed in 4 different ways to the JAAS
* NonStopLoginModule for user authentication via:
* NonStop User Name E.g. SUPER.SUPER
* NonStop Group,User E.g. 255,255
* NonStop User ID E.g. 65535
Example 3-27. Realm Element for the OpenLDAP Directory Server
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="0"
       connectionName="cn=Manager,dc=hp,dc=com"
       connectionPassword="secret"
       connectionURL="ldap://nonstop.hp.com:1025"
       roleBase="dc=roles,dc=hp,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="false"
       userPassword="userPassword"
       userPattern="cn={0},dc=hp,dc=com"/>