JAAS with JSPWiki

> Hello,
> I have been trying to implement JAAS login with JSPWiki on Tomcat.  
> We are
> using JSPWiki 2.6.2 with Tomcat5.5
> We have an existing web application (mainApp) that does not use JAAS.
> However, we would like to use JSPWiki as a portal with a single-sign-
> on
> feature -
> meaning when the user logs into our mainApp the user clicks on a  
> link to
> JSPWiki application. At this point, we would like to automatically
> authenticate
> the user with appropriate roles and permissions and log him into  
> JSPWiki.
>
> To acheive this, I have done the following but doesn't seem to work:
>
> 1. Tomcat server.xml:
> a. I've added a <Context> tag for JSPWiki application and <Context>  
> tag for
> mainApp with crossContext=true in both.
> b. Added a <Realm> entry as such:
>        <Realm
> className="org.apache.catalina.realm.JAASRealm"
>                            appName="JSPWiki-custom"
>
> userClassNames="com.ecyrd.jspwiki.user.DefaultUserProfile"
>                 roleClassNames="com.ecyrd.jspwiki.auth.authorize.Role"
>                      debug="99"/>
> c. Enabled SingleSignOn by adding the <Valve> tag within the <Host>  
> tag as
> such:
>         <Valve  
> className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
> 2. Placed my login module (JAASLoginModule's) jar file  
> JAASLoginLM.jar in
> %TOMCAT_HOME%/common/lib folder.
>   In the JAASLoginModule itself I am using HttpRequestCallback just  
> like
> the SiteMinderLoginModule example:
> http://www.jspwiki.org/wiki/Security2.3WishList
>
> 3. I added the entries for the login module in jspwiki.policy  
> towards the
> end as such:
>
> // grant LoginModule permissions
> grant codebase "file:${catalina.home}/common/lib/JaasLoginLM.jar" {
>    permission javax.security.auth.AuthPermission "modifyPrincipals";
> };
> grant codebase "file:${catalina.home}/common/lib/JaasLoginAzn.jar" {
>
>   permission javax.security.auth.AuthPermission
> "createLoginContext.jaaslogin";
>   permission javax.security.auth.AuthPermission "doAsPrivileged";
> };
>
> 4. In jspwiki.properties file I enabled JAAS as such:
> jspwiki.security = jaas
>
> 5. On tomcat startup I specify the policy file and jaas file  
> settings as
> such:
> -Djava.security.auth.login.config==C:\Program Files\Apache Software
> Foundation\Tomcat 5.5\webapps\JSPWiki\WEB-INF\jspwiki.jaas
> -Djava.security.policy==C:\Program Files\Apache Software Foundation
> \Tomcat
> 5.5\webapps\JSPWiki\WEB-INF\jspwiki.policy
>
> 6. Disabled container managed authentication in
> <TOMCAT_HOME>/webapps/web.xml by commenting the <security-constraint>
> section and
> in jspwiki.properties set jspwiki.userdatabase.isSharedWithContainer  
> = false
>
> Now, I restart the server and launch the mainApp and login. After  
> logging
> in, I click on the link to JSPWiki (http://<hostname:port>/JSPWiki/
> Wiki.jsp)
> -
> which takes me to the main page as an "Anonymous" user.
>
> I dont see JAAS being used. The logs do not show any debug messages  
> from my
> JAASLoginModule. Instead it says -
> "Checking JAAS configuration...JAAS already configured by some other
> application (leaving it alone...)"
>
> My security configuration verifier (SecurityConfig.jsp) says that it  
> found
> jspwiki.jaas. It doesn't show any errors - except that it says
> "We found some errors with your configuration: Policy file does not  
> have a
> keystore... at least not one that we can locate."
> Do I need jspwiki.jks file and an entry in policy file - keystore
> jspwiki.jks? - Currently I DO NOT have the keystore file.
>
> Do I need to programmatically create the LoginContext and call the  
> login()
> method in the JSP?
> My understanding was that all that would happen automatically in the
> background.
> I am sure I'm missing something.
>
>
> Your help is greatly appreciated!
> Thanks.