You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/09/14 06:34:50 UTC
DO NOT REPLY [Bug 43392] New: - Tomcat6 JAASRealm ignores useContextClassLoader in parseClassNames
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43392>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43392
Summary: Tomcat6 JAASRealm ignores useContextClassLoader in
parseClassNames
Product: Tomcat 6
Version: 6.0.14
Platform: PC
URL: http://support.liferay.com/browse/LEP-
2995;jsessionid=C72F970D8B99F4BD60185FB0A1567A8F
OS/Version: All
Status: NEW
Severity: regression
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: computabloke@gmail.com
Issue when specifying custom User/Role security principal classes in a JAASRealm
element within a /META-INF/context.xml of a war. Tomcat 6 should obey the
useContextClassLoader configuration of the JAASRealm when parsing the user/role
classNames.
<Realm
className="org.apache.catalina.realm.JAASRealm"
appName="PortalRealm"
userClassNames="com.liferay.portal.security.jaas.PortalPrincipal"
roleClassNames="com.liferay.portal.security.jaas.PortalRole"
debug="99"
useContextClassLoader="false"
/>
Upon server startup, the Tomcat 6.0.14 JAASRealm attempts to load the
userClassNames and roleClassNames in parseClassNames with Class.forName(), and
since these classes reside only in the webapp context (/WEB-INF/lib/) they are
not found on the classpath, and causes the following output in the Tomcat
console upon startup:
SEVERE: Class com.liferay.portal.security.jaas.PortalPrincipal not
found! Class not added.
SEVERE: Class com.liferay.portal.security.jaas.PortalRole not found!
Class not added.
Tomcat 5.5.x did not report these failures, because it did not attempt to
perform a Class.forName() lookup. Instead, it only saved the userClassNames and
roleClassNames in a java.util.List object.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43392] - Tomcat6 JAASRealm ignores useContextClassLoader in parseClassNames
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43392>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43392
------- Additional Comments From computabloke@gmail.com 2007-09-13 21:45 -------
Sorry, I meant the issue occurs when using useContextClassLoader="true" in the
original report (which is the default according to
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm).
As a temporary work-around for this issue you can:
1. Move your classes to the Tomcat shared /lib directory.
2. Since all principals must implement java.security.Principal, and the first
principal 'must' be the user principal, you can just use the base class:
<Realm
className="org.apache.catalina.realm.JAASRealm"
appName="PortalRealm"
userClassNames="java.security.Principal"
debug="99"
useContextClassLoader="true"
/>
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43392] - Tomcat6 JAASRealm ignores useContextClassLoader in parseClassNames
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43392>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43392
computabloke@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE
------- Additional Comments From computabloke@gmail.com 2007-12-20 19:22 -------
Thanks Noah, The patch looks perfect to me. I hope it makes it into the next
release!
Since the patch is in 44084, I'll mark this one as a duplicate.
See also bug 40150 that Ate re-opened so that the patch could be applied to T5.5
too.
*** This bug has been marked as a duplicate of 44084 ***
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43392] - Tomcat6 JAASRealm ignores useContextClassLoader in parseClassNames
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43392>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43392
------- Additional Comments From nlevitt@gmail.com 2007-12-15 14:55 -------
Just noticed this bug report. I put up a patch at bug 44084, would be cool if
you could try it.
The logic also seemed to be backwards to me. I assume useContextClassLoader
means to use Thread.currentThread().getContextClassLoader(), which is the
webapp's class loader, and useContextClassLoader="false" means the servlet class
loader, which is retrieved by getClass().getClassLoader() from the JAASRealm.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43392] - Tomcat6 JAASRealm ignores useContextClassLoader in parseClassNames
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43392>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43392
------- Additional Comments From kzettel@gmail.com 2007-10-05 14:24 -------
I think this was caused by the changes for bug 40150
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org