Hi all, I am trying JAAS in Tomcat, but I have hit a really frustrating problem right now. When I log in, authentication goes OK, but when requesting a resource, I always get 403 access denied!
I tried to print out httprequest.getRemoteUser in the servlet; the username is correct there, however httprequest.isUserInRole() always returns false :( I am wondering if I have done something wrong in storing the roles. Below is the code showing how I populate the User and Role and then save them in the Subject:

    import java.security.Principal;
    import java.util.Iterator;
    import java.util.Set;
    import javax.security.auth.login.LoginException;

    // commit() of the login module; subject, username, succeeded, debug,
    // commitSucceeded and principals are fields of that class.
    public boolean commit() throws LoginException {
        if (succeeded == false) {
            return false;
        } else {
            // add a Principal (authenticated identity)
            // to the Subject
            principals = new Principal[2];
            principals[0] = new WebUser(username);
            principals[1] = new WebRole("manager");
            for (int i = 0; i < principals.length; i++) {
                if (!subject.getPrincipals().contains(principals[i]))
                    subject.getPrincipals().add(principals[i]);
            }
            if (debug) {
                // print every principal now attached to the Subject
                Set<Principal> all = subject.getPrincipals();
                Iterator<Principal> i = all.iterator();
                while (i.hasNext()) {
                    System.out.println(i.next().toString());
                }
            }
            commitSucceeded = true;
            return true;
        }
    }

The debug output shows that both the user and the role are stored in the subject. But why does Tomcat not recognize the role?! If you have ever seen this kind of problem, please help! I would greatly appreciate it!

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org