DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37518>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37518

           Summary: JAASRealm can't be used to protect resources
           Product: Tomcat 5
           Version: 5.5.12
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Keywords: PatchAvailable
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]


In 5.5.12, the hasRole method in JAASRealm has been removed. Instead, it uses 
RealmBase's hasRole method. 

In RealmBase's hasRole method, if the principal is not a GenericPrincipal, it 
will return false.

But in the Request.getUserPrincipal method there is also a change: if userPrincipal 
is a GenericPrincipal, it returns userPrincipal. 

Which means that when the framework uses getUserPrincipal and calls JAASRealm's 
(RealmBase's) hasRole, the check should always fail.


I suggest making the following change:
in JAASRealm.java, add a roleSet private instance variable, then in the 
createPrincipal method, just after roles.add(principal.getName());,
add "roleSet.add(principal);"

Then add a hasRole method like the following:

public boolean hasRole(Principal principal, String role) {
    if (principal == null) {
        return false;
    }
    // roleSet holds the role principals collected in createPrincipal;
    // if the caller's principal is one of them, grant the role
    Iterator it = roleSet.iterator();
    while (it.hasNext()) {
        Principal p = (Principal) it.next();
        if (p.equals(principal)) {
            return true;
        }
    }
    // otherwise fall back to RealmBase's GenericPrincipal-based check
    return super.hasRole(principal, role);
}

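The failure mode the report describes, reduced to a self-contained model. This is an added example, not Tomcat's code and not the reporter's patch: PlainPrincipal, WrappedPrincipal, WrapperOnlyRealm, RoleMapRealm and HasRoleAfterUnwrap are stand-in names assumed here, standing in for the unwrapped JAAS principal, GenericPrincipal, RealmBase.hasRole and a realm that keeps its own role table. The model only reproduces the two facts the report gives: the realm's role check denies any principal that is not the wrapper type, and getUserPrincipal hands back the unwrapped principal.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Stand-in for the bare principal a JAAS LoginModule produces (assumed model).
final class PlainPrincipal implements Principal {
    private final String name;
    PlainPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof PlainPrincipal && ((PlainPrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
}

// Stand-in for the wrapper that carries the role list (assumed model of GenericPrincipal).
final class WrappedPrincipal implements Principal {
    private final Principal user;
    private final Set<String> roles;
    WrappedPrincipal(Principal user, List<String> roles) {
        this.user = user;
        this.roles = new HashSet<String>(roles);
    }
    public String getName() { return user.getName(); }
    // What the report says Request.getUserPrincipal now returns: the inner principal.
    Principal getUserPrincipal() { return user; }
    boolean hasRole(String role) { return roles.contains(role); }
}

// Role check as the report describes RealmBase.hasRole: anything that is not
// the wrapper type is denied (fails closed).
class WrapperOnlyRealm {
    boolean hasRole(Principal p, String role) {
        if (!(p instanceof WrappedPrincipal)) return false;
        return ((WrappedPrincipal) p).hasRole(role);
    }
}

// One way to make the check survive the unwrap: the realm remembers the roles
// it granted to each bare user principal when it built the wrapper, and still
// matches on the requested role name rather than on principal identity alone.
class RoleMapRealm extends WrapperOnlyRealm {
    private final Map<Principal, Set<String>> rolesByUser = new HashMap<Principal, Set<String>>();

    WrappedPrincipal createPrincipal(Principal user, List<String> roles) {
        rolesByUser.put(user, new HashSet<String>(roles));
        return new WrappedPrincipal(user, roles);
    }

    @Override boolean hasRole(Principal p, String role) {
        if (p == null || role == null) return false;
        Set<String> roles = rolesByUser.get(p);
        if (roles != null) return roles.contains(role);
        return super.hasRole(p, role);
    }
}

public class HasRoleAfterUnwrap {
    public static void main(String[] args) {
        // Constructed sample user and role; not data from the report.
        Principal alice = new PlainPrincipal("alice");
        List<String> roles = Arrays.asList("manager");

        WrapperOnlyRealm wrapperOnly = new WrapperOnlyRealm();
        WrappedPrincipal wrapped = new WrappedPrincipal(alice, roles);
        System.out.println("wrapper checked directly:      "
                + wrapperOnly.hasRole(wrapped, "manager"));
        System.out.println("after getUserPrincipal unwrap: "
                + wrapperOnly.hasRole(wrapped.getUserPrincipal(), "manager"));

        RoleMapRealm roleMap = new RoleMapRealm();
        WrappedPrincipal tracked = roleMap.createPrincipal(alice, roles);
        System.out.println("role map, after unwrap:        "
                + roleMap.hasRole(tracked.getUserPrincipal(), "manager"));
        System.out.println("role map, role not held:       "
                + roleMap.hasRole(tracked.getUserPrincipal(), "admin"));
    }
}
```

Run with `javac HasRoleAfterUnwrap.java && java HasRoleAfterUnwrap`. The wrapper-only realm grants the role when handed the wrapper and denies it once the principal has been unwrapped, which is the always-fail behaviour the report describes: the type check fails closed, so the consequence is every protected resource becoming unreachable rather than a bypass. The role-map variant passes the unwrapped principal for a role it holds and still refuses one it does not; note that it keys on the role name as well as the principal, unlike the patch above, which returns true for any principal found in roleSet regardless of the role being asked for.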