Sorry, this was an already closed issue with JBoss 4.0.3:
http://jira.jboss.com/jira/browse/JBAS-2357
Torsten
Torsten wrote:
Hello,
I hope it is OK that I post here, as the problem I have is actually with
Tomcat in JBoss 4.0.3.
I have secured a servlet with a security constraint using BASIC
authentication. I have declared a JAAS security domain in jboss-web.xml
which is using a MySQL database with two simple tables for users and
roles.
It all works fine, but when I "bomb" the servlet with many concurrent HTTP
POST requests, authentication sporadically fails.
In the logfile I can see the following:
2005-10-18 21:41:17,073 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[appuser1(SOMServlet,SOMapp1,guest,)]
2005-10-18 21:41:17,073 DEBUG [org.apache.catalina.realm.RealmBase] Username appuser1 has role SOMServlet
2005-10-18 21:41:17,075 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[appuser2(SOMServlet,SOMapp1,guest,)]
2005-10-18 21:41:17,075 DEBUG [org.apache.catalina.realm.RealmBase] Username appuser2 has role SOMServlet
Here, user appuser2 gets the role SOMapp1, which is definitely wrong, as
the roles are defined as:
mysql> select * from JMS_ROLES;
+--------------+----------+
| ROLEID       | USERID   |
+--------------+----------+
| guest        | appuser1 |
| SOMapp1      | appuser1 |
| SOMServlet   | appuser1 |
| guest        | appuser2 |
| SOMapp2      | appuser2 |
| SOMServlet   | appuser2 |
| guest        | guest    |
| guest        | servlet  |
| SOMAllQueues | servlet  |
+--------------+----------+
Now I wonder if this could be an issue with JBoss AS JAAS security
domain, or with Tomcat?
Thanks,
Torsten
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]