JAASRealm with Basic Authentication

[Adam Hardy <ah...@cyberspaceroad.com>]

I am trying to run my JAASRealm implementation, and I have it working
successfully on my own apps using Form-based authentication, but when I
try to use it for tomcat's manager tool (configured in
webapps/manager.xml) or any other app using basic authentication, I have
problems.

First of all tomcat throws a NullPointerException which originates from:

Caused by: java.lang.NullPointerException
	at
org.apache.catalina.realm.JAASCallbackHandler.handle(JAASCallbackHandler.java:156)
	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:812)


At this point, the browser has just got the authentication request and
it shows me the basic authentication dialog. Then when I submit, with
the wrong password, I get the retry? dialog, but with the correct
password, tomcat gives me a 403: access denied.

I can see in tomcat's source that JAASCallbackHandler is not handling a
null password, but I don't understand why it is being passed a null
password. I think there must be an exception in
auth.login.LoginContext.run() which is being swallowed, resulting in
null user & pw parameters being passed.

Any help appreciated!
Adam

Re: JAASRealm with Basic Authentication

[Christopher Williams <cc...@ntlworld.com>]

Quoting from the recent 'Tomcat: The Definitive Guide' book: "At the time of
this writing, this realm (i.e. JAAS) implementation does not seem to
work...".  Possibly it still doesn't.