You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/06/05 19:10:53 UTC

DO NOT REPLY [Bug 29406] New: - JAAS Authentication on Tomcat 5

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29406>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29406

JAAS Authentication on Tomcat 5

           Summary: JAAS Authentication on Tomcat 5
           Product: Tomcat 5
           Version: 5.0.24
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Catalina:Modules
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: dlestrat@apache.org
                CC: jetspeed-dev@jakarta.apache.org


The new behavior of Tomcat 5 which sets the ContextClassLoader in the 
JAASRealm to the server classloader prevents from defining LoginModules within 
the context of a web app.  The JAASRealm implementation on Tomcat 5 is 
different from the one on Tomcat 4 in that it sets the current Thread 
ClassLoaderContext to that of the Catalina core itself before accessing a 
LoginModule.

This issue is discussed on Jetspeed 2 issue tracking under:
http://nagoya.apache.org/jira/browse/JS2-55

and on J2's mailing list at:
http://nagoya.apache.org/eyebrowse/ReadMsg?listName=jetspeed-
dev@jakarta.apache.org&msgNo=14605

Some of the negatives of that new implementation is that all services used by 
the LoginModule must now be part of Tomcat classloader.

In an application where user management leverages some caching, this requires 
duplication of the caching layer, one for the server and one for the web 
application.  This seems unneccessary.

I copied the jetspeed-dev list on this issue for information and will include 
a patch created by Ate Douma to address this issue.

Regards,

David Le Strat.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org