I have found a work-around (although it seems like a hack to me). Here is the code snippet from my LoginModule commit method.

Code:

    List<String> roles = new ArrayList<String>();
    roles.add("tomcat_auth_role");
    GenericPrincipal gp = new GenericPrincipal(null, username, null, roles);
    subject.getPrincipals().add(gp);

    // Second principal, named after the role; with this added, authorization works
    String rolename = "tomcat_auth_role";
    GenericPrincipal gp2 = new GenericPrincipal(realm, rolename, password);
    subject.getPrincipals().add(gp2);

The server.xml and web.xml files are identical.

After playing around I found that if I were to create a second Principal with the username of the rolename, everything worked as expected. This behavior is not normal, is it? I feel that the JAASRealm should be able to find the roles from the GenericPrincipal class. Is there a bug that I am not aware of here?

Cheers
Joe

-----Original Message-----
From: Workman, Joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 19, 2006 1:49 PM
To: users@tomcat.apache.org
Subject: Custom JAAS LoginModule not authorizing GenericPrincipal roles

I'm trying to use my own LoginModule. It is successfully authenticating my username, but the problem is when it's trying to authorize my roles.

Tried:

1. Here is the code snippet from my LoginModule commit method.

Code:

    List<String> roles = new ArrayList<String>();
    roles.add("tomcat_auth_role");
    GenericPrincipal gp = new GenericPrincipal(null, username, null, roles);
    subject.getPrincipals().add(gp);

2. Added following to server.xml:

Code:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="Tomcat"
           userClassNames="org.apache.catalina.realm.GenericPrincipal"
           roleClassNames="org.apache.catalina.realm.GenericPrincipal"
           useContextClassLoader="true"
           debug="2"/>

3. Added following to web.xml:

Code:

    <auth-constraint>
        <role-name>tomcat_auth_role</role-name>
    </auth-constraint>

Any help would be greatly appreciated.

Cheers
Joe

------------------------------------------------------------------------------
This email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else, unless expressly approved by the sender or an authorized addressee, is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action omitted or taken in reliance on it, is prohibited and may be unlawful. If you believe that you have received this email in error, please contact the sender, delete this e-mail and destroy all copies.
==============================================================================
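The workaround in the thread works because JAASRealm picks role principals out of the Subject by the class named in roleClassNames and takes each one's getName() as a role name, so the roles list stored inside a GenericPrincipal is never consulted; the usual approach is to give roles their own Principal class. The following is an added example, not code from the thread: the package and class names are hypothetical, and login() is left to the module's existing credential check.

```java
package com.example.auth;  // hypothetical package; example code, not from the thread

import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

// JAASRealm sorts a Subject's principals by exact class name, so users and roles get
// distinct classes. Matching server.xml attributes (hypothetical names):
//   userClassNames="com.example.auth.UserPrincipal" roleClassNames="com.example.auth.RolePrincipal"
abstract class NamedPrincipal implements Principal {
    private final String name;
    NamedPrincipal(String name) { this.name = Objects.requireNonNull(name); }
    public final String getName() { return name; }
    // Value semantics, so logout() removes exactly the principals commit() added.
    public final boolean equals(Object o) {
        return o != null && o.getClass() == getClass() && name.equals(((NamedPrincipal) o).name);
    }
    public final int hashCode() { return getClass().hashCode() ^ name.hashCode(); }
}
final class UserPrincipal extends NamedPrincipal { UserPrincipal(String n) { super(n); } }
final class RolePrincipal extends NamedPrincipal { RolePrincipal(String n) { super(n); } }

// login() is left to the module's existing credential check; on success it stores the
// verified user name and that user's role names in the two protected fields below.
public abstract class RoleAwareLoginModule implements LoginModule {
    protected Subject subject;
    protected String authenticatedUser;         // set by login() on success
    protected List<String> authenticatedRoles;  // set by login() on success
    private final Set<Principal> added = new HashSet<Principal>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    public boolean commit() {
        if (authenticatedUser == null) return false;  // login() failed: add nothing
        added.add(new UserPrincipal(authenticatedUser));
        for (String role : authenticatedRoles) added.add(new RolePrincipal(role));
        subject.getPrincipals().addAll(added);
        return true;
    }

    public boolean abort() { authenticatedUser = null; added.clear(); return true; }

    public boolean logout() {  // remove only what this module added
        subject.getPrincipals().removeAll(added);
        added.clear();
        return true;
    }
}
```

With userClassNames and roleClassNames both pointing at GenericPrincipal, as in the posted server.xml, the realm also registers the user principal's own name as a role, which is a further reason to keep the two classes distinct.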