http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26236

JAASRealm and GenericPrincipal

           Summary: JAASRealm and GenericPrincipal
           Product: Tomcat 5
           Version: 5.0.16
          Platform: Other
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina:Modules
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


I am trying to implement my own JAAS LoginModule.

I configure server.xml:
<Realm className="org.apache.catalina.realm.JAASRealm"
                 debug="99" 
                 appName="NadejJAAS" 
                 userClassName="com.micropole.jaas.memory.UserPrincipal"
                 roleClassName="com.micropole.jaas.memory.RolePrincipal"
                 />
                 
My LoginModule works fine until I need to populate the Principal in the commit()
method.

Kind of result:

                [MemoryLoginModule] user entered user name: testUser
                [MemoryLoginModule] user entered password: testPassword
                [MemoryLoginModule] authentication succeeded

And finally I get a 403: forbidden access to resource ....

I find an explanation in the following method: RealmBase.hasRole(Principal
principal, String role)

In fact, I populate with my own Principal (RolePrincipal) but
Tomcat rejects my user because it is waiting for a GenericPrincipal.

JAASRealm seems to use public boolean hasRole(Principal principal, String role)
inherited from RealmBase with the following code:

    public boolean hasRole(Principal principal, String role) {

        // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
        if ((principal == null) || (role == null) ||
            !(principal instanceof GenericPrincipal))
            return (false);

        GenericPrincipal gp = (GenericPrincipal) principal;
        if (!(gp.getRealm() == this)) {
            log.debug("Different realm " + this + " " + gp.getRealm());//    return (false);
        }
        boolean result = gp.hasRole(role);
        if (log.isDebugEnabled()) {
            String name = principal.getName();
            if (result)
                log.debug(sm.getString("realmBase.hasRoleSuccess", name, role));
            else
                log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
        }
        return (result);

    }
    
 Two things:
 1 - the comment says that it should be re-implemented in JAASRealm but it is
not done.
 2 - This implementation depends on a GenericPrincipal class specific to
Catalina packages.

 Maybe somebody is working on this JAASRealm and can help me to be able to
write a LoginModule that does not depend on Catalina at compile time but is
usable with Catalina.

 A bonus question: why use two principals in the server.xml realm tag if we are
using in one code?

 It seems there is an error in the manual (Realm Element Attributes Table seems
to talk about MemoryRealm instead of JAASRealm).

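The check discussed in this report, as an added example that is not part of the original message and is not Tomcat's code: a container that gates hasRole() on its own principal type fails closed for any principal it does not recognise, and a mapping step keyed on the configured class names lets a LoginModule stay free of container classes. ContainerPrincipal, toContainerPrincipal and the sample values are hypothetical stand-ins; the program needs only the JDK.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalMappingDemo {
    // Container-neutral principals, as a LoginModule's commit() would add them.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class UserPrincipal extends Named { UserPrincipal(String n) { super(n); } }
    static class RolePrincipal extends Named { RolePrincipal(String n) { super(n); } }
    // Stand-in for the container's own principal type (the role GenericPrincipal plays).
    static class ContainerPrincipal extends Named {
        final Set<String> roles;
        ContainerPrincipal(String n, Set<String> roles) { super(n); this.roles = roles; }
    }

    // Same type gate as the quoted hasRole(); the realm comparison and logging are left out.
    static boolean hasRole(Principal p, String role) {
        if (p == null || role == null || !(p instanceof ContainerPrincipal)) return false;
        return ((ContainerPrincipal) p).roles.contains(role);
    }

    // Hypothetical mapping step: classify the Subject's principals by class name.
    static Principal toContainerPrincipal(Subject s, String userClass, String roleClass) {
        String user = null;
        Set<String> roles = new HashSet<>();
        for (Principal p : s.getPrincipals()) {
            String cn = p.getClass().getName();
            if (cn.equals(userClass)) { if (user == null) user = p.getName(); }
            else if (cn.equals(roleClass)) roles.add(p.getName());
        }
        // No user principal means no authenticated identity: fail closed.
        return user == null ? null : new ContainerPrincipal(user, roles);
    }

    public static void main(String[] args) {
        Subject s = new Subject(); // constructed sample, values are illustrative
        s.getPrincipals().add(new UserPrincipal("testUser"));
        s.getPrincipals().add(new RolePrincipal("admin"));
        Principal mapped = toContainerPrincipal(s, UserPrincipal.class.getName(), RolePrincipal.class.getName());
        System.out.println("raw RolePrincipal has admin:  " + hasRole(new RolePrincipal("admin"), "admin"));
        System.out.println("mapped principal has admin:   " + hasRole(mapped, "admin"));
        System.out.println("mapped principal has manager: " + hasRole(mapped, "manager"));
    }
}
```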