Posted to users@tomcat.apache.org by Renato Romano <r....@set-network.com> on 2002/02/01 18:02:16 UTC

Custom Realm Implementation

I'm trying to write my own Realm but have some problems...
MyRealm extends JDBCRealm, overrides the authenticate(Connection,
String, String) method
and returns a CustomPrincipal, which is my own implementation of Principal.

When I try to log in, I get a "User userName successfully authenticated"
message in the log, but the browser shows me a 403 error (You are not
allowed ...)

Any idea?
Any document showing the process in detail?
Thanks

Renato


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>


R: Custom Realm Implementation

Posted by Renato Romano <r....@set-network.com>.
OK!! In RealmBase the "hasRole" method looks for a Principal of class
GenericPrincipal; by overriding this method everything works fine!!
Thanks a lot

Renato

-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org]
Sent: Friday, 1 February 2002 23:31
To: Tomcat Users List; r.romano@set-network.com
Subject: Re: Custom Realm Implementation

On Fri, 1 Feb 2002, Renato Romano wrote:

> Date: Fri, 1 Feb 2002 18:02:16 +0100
> From: Renato Romano <r....@set-network.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
>      r.romano@set-network.com
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Custom Realm Implementation
>
> I'm trying to write my own Realm but have some problems...
> MyRealm extends JDBCRealm, overrides the authenticate(Connection,
> String, String) method
> and returns a CustomPrincipal, which is my own implementation of Principal.
>
> When I try to log in, I get a "User userName successfully authenticated"
> message in the log, but the browser shows me a 403 error (You are not
> allowed ...)
>

Tomcat calls the hasRole() method of your Realm implementation in order to
check for the roles required to satisfy security constraints.  You'll want
to override this method as well, because the default method (in
AuthenticatorBase) assumes you are using one of the standard Realm
implementations that uses GenericPrincipal objects.

> Any idea?
> Any document showing the process in detail?
> Thanks

Just the source code, at the moment :-(.

>
> Renato
>

Craig




Re: Custom Realm Implementation

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Fri, 1 Feb 2002, Renato Romano wrote:

> Date: Fri, 1 Feb 2002 18:02:16 +0100
> From: Renato Romano <r....@set-network.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
>      r.romano@set-network.com
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Custom Realm Implementation
>
> I'm trying to write my own Realm but have some problems...
> MyRealm extends JDBCRealm, overrides the authenticate(Connection,
> String, String) method
> and returns a CustomPrincipal, which is my own implementation of Principal.
>
> When I try to log in, I get a "User userName successfully authenticated"
> message in the log, but the browser shows me a 403 error (You are not
> allowed ...)
>

Tomcat calls the hasRole() method of your Realm implementation in order to
check for the roles required to satisfy security constraints.  You'll want
to override this method as well, because the default method (in
AuthenticatorBase) assumes you are using one of the standard Realm
implementations that uses GenericPrincipal objects.

> Any idea?
> Any document showing the process in detail?
> Thanks

Just the source code, at the moment :-(.

>
> Renato
>

Craig




Re: Custom Realm Implementation

Posted by Dan Kha <da...@YorkU.CA>.
Hi,

That's because TC 4.0.1 (and 4.0.2b1, but not sure about 4.0.2b2) calls
the hasRole() method (in RealmBase) and that method checks to see if
the principal is an instance of GenericPrincipal.  If not, then access is
denied (which I think is what's happening to you).  You will need to
extend from GenericPrincipal or modify the hasRole() method.  I would
extend GenericPrincipal rather than modify hasRole().

Thanks,
dan
--
Development Team
Computing & Network Services
York University, Toronto, Canada

On Fri, 1 Feb 2002, Renato Romano wrote:

> I'm trying to write my own Realm but have some problems...
> MyRealm extends JDBCRealm, overrides the authenticate(Connection,
> String, String) method
> and returns a CustomPrincipal, which is my own implementation of Principal.
>
> When I try to log in, I get a "User userName successfully authenticated"
> message in the log, but the browser shows me a 403 error (You are not
> allowed ...)
>
> Any idea?
> Any document showing the process in detail?
> Thanks
>
> Renato
>
>
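
The role check discussed in this thread, as an added example that is not part of the original posts and is not Tomcat's own code. StubGenericPrincipal and StubRealmBase are simplified stand-ins (assumptions) for Tomcat's GenericPrincipal and RealmBase that model only the instance-of test described above, and "department" is a hypothetical attribute; the example shows why an authenticated user is still denied, and both suggested fixes, with the hasRole() override still denying any principal type it does not recognise.

```java
import java.security.Principal;
import java.util.*;

// Stand-in for Tomcat's GenericPrincipal (assumption: reduced to name + roles).
class StubGenericPrincipal implements Principal {
    private final String name; private final Set<String> roles;
    StubGenericPrincipal(String n, Collection<String> r) { name = n; roles = new HashSet<>(r); }
    public String getName() { return name; }
    boolean hasRole(String role) { return roles.contains(role); }
}
// Stand-in for RealmBase.hasRole(): any other Principal type is denied.
class StubRealmBase {
    public boolean hasRole(Principal p, String role) {
        if (role == null || !(p instanceof StubGenericPrincipal)) return false;
        return ((StubGenericPrincipal) p).hasRole(role);
    }
}
// The case from the question: a Principal type the base realm does not recognise.
class PlainPrincipal implements Principal {
    final String name; final Set<String> roles;
    PlainPrincipal(String n, Collection<String> r) { name = n; roles = new HashSet<>(r); }
    public String getName() { return name; }
}
// Fix 1: extend the principal type the realm already understands.
class CustomPrincipal extends StubGenericPrincipal {
    final String department; // hypothetical extra attribute
    CustomPrincipal(String n, Collection<String> r, String d) { super(n, r); department = d; }
}
// Fix 2: override hasRole() for the custom type, keeping deny-by-default.
class MyRealm extends StubRealmBase {
    @Override public boolean hasRole(Principal p, String role) {
        if (role != null && p instanceof PlainPrincipal)
            return ((PlainPrincipal) p).roles.contains(role);
        return super.hasRole(p, role); // unknown principal types stay rejected
    }
}

public class RealmRoleCheckDemo {
    public static void main(String[] args) {
        List<String> roles = Arrays.asList("manager"); // constructed sample data
        Principal plain = new PlainPrincipal("alice", roles);
        Principal custom = new CustomPrincipal("alice", roles, "it");
        System.out.println("base realm, plain:   " + new StubRealmBase().hasRole(plain, "manager"));
        System.out.println("base realm, custom:  " + new StubRealmBase().hasRole(custom, "manager"));
        System.out.println("MyRealm, plain:      " + new MyRealm().hasRole(plain, "manager"));
        System.out.println("MyRealm, other role: " + new MyRealm().hasRole(plain, "admin"));
    }
}
```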

