Posted to dev@tomcat.apache.org by Markus Plail <pl...@web.de> on 2005/11/17 16:20:47 UTC

JAAS Realm not working since 5.5.10 (possible solution provided)

Hi there!

I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use JAAS
realm with a custom implementation of LoginModule. I couldn't
authenticate myself with any of the username password combinations. So I
tried 5.5.11 and 5.5.10 but nothing changed.

The debug trace looked very strange (see my post on tomcat-user), so I
decided to dig into the code and see what is happening. To make a long
story short I think I found a bug.

In RealmBase hasResourcePermission(...) calls request.getUserPrincipal()
to get the principal and then calls hasRole(...) to see if the principal
has the necessary role. hasRole(...) only succeeds if the principal is
an instance of GenericPrincipal, but request.getUserPrincipal() checks
if the principal is an instance of GenericPrincipal and if this is the
case, it returns the underlying principal. 
Thus I don't think that a JAASRealm based login can ever succeed in
Tomcat > 5.5.9.

I removed the if clause and just return the principal and now my login
is working beautifully again.

Hope this helps
regards
Markus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
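
The mismatch described in the message above, as an added example that is not part of the original thread and is not Tomcat's code: a simplified Java model whose names (JaasUser, WrapperPrincipal, getUserPrincipalUnwrapped) are hypothetical stand-ins, and which assumes the wrapper is what holds the roles. It shows that unwrapping before the role check makes authorization fail closed for every user, while checking the stored wrapper succeeds.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

public class PrincipalUnwrapDemo {
    /** Hypothetical stand-in for the principal a custom LoginModule creates. */
    static class JaasUser implements Principal {
        private final String name;
        JaasUser(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Hypothetical stand-in for the container wrapper (assumed to carry the roles). */
    static class WrapperPrincipal implements Principal {
        final Principal userPrincipal;
        final List<String> roles;
        WrapperPrincipal(Principal userPrincipal, String... roles) {
            this.userPrincipal = userPrincipal;
            this.roles = Arrays.asList(roles);
        }
        public String getName() { return userPrincipal.getName(); }
    }

    /** Models the getter as the post describes it: a wrapper is unwrapped. */
    static Principal getUserPrincipalUnwrapped(Principal stored) {
        if (stored instanceof WrapperPrincipal) {
            return ((WrapperPrincipal) stored).userPrincipal;
        }
        return stored;
    }

    /** Models the role check as the post describes it: only the wrapper type passes. */
    static boolean hasRole(Principal principal, String role) {
        if (!(principal instanceof WrapperPrincipal)) {
            return false; // any other principal type is treated as having no roles
        }
        return ((WrapperPrincipal) principal).roles.contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample: user "alice" authenticated with role "admin".
        Principal stored = new WrapperPrincipal(new JaasUser("alice"), "admin");
        // Path from the post: the getter unwraps, so the role check sees a JaasUser.
        System.out.println("unwrapped: " + hasRole(getUserPrincipalUnwrapped(stored), "admin"));
        // Passing the stored wrapper itself reaches the role list.
        System.out.println("wrapped:   " + hasRole(stored, "admin"));
    }
}
```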


Re: JAAS Realm not working since 5.5.10 (possible solution provided)

Posted by Remy Maucherat <re...@apache.org>.
Markus Plail wrote:
> Not a single answer? Can't it be reproduced or what's the problem with
> my problem? If I am right it would be a significant issue wouldn't it?

Sorry. Two bug reports about this, and should be fixed in CVS.

Rémy



Re: JAAS Realm not working since 5.5.10 (possible solution provided)

Posted by Markus Plail <pl...@web.de>.
Markus Plail <pl...@web.de> writes:
> I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use JAAS
> realm with a custom implementation of LoginModule. I couldn't
> authenticate myself with any of the username password combinations. So
> I tried 5.5.11 and 5.5.10 but nothing changed.
>
> The debug trace looked very strange (see my post on tomcat-user), so I
> decided to dig into the code and see what is happening. To make a long
> story short I think I found a bug.
>
> In RealmBase hasResourcePermission(...) calls
> request.getUserPrincipal() to get the principal and then calls
> hasRole(...) to see if the principal has the necessary
> role. hasRole(...) only succeeds if the principal is an instance of
> GenericPrincipal, but request.getUserPrincipal() checks if the
> principal is an instance of GenericPrincipal and if this is the case,
> it returns the underlying principal.  Thus I don't think that a
> JAASRealm based login can ever succeed in Tomcat > 5.5.9.
>
> I removed the if clause and just return the principal and now my login
> is working beautifully again.

Not a single answer? Can't it be reproduced or what's the problem with
my problem? If I am right it would be a significant issue wouldn't it?

regards
Markus

