DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40150>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40150

           Summary: Incorrect User/Role classnames are silently ignored.
           Product: Tomcat 5
           Version: 5.5.17
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

org.apache.catalina.realm.JAASRealm does not verify any of the class names that are set through setRoleClassNames() and setUserClassNames(). If an incorrect class name (e.g. a typo) is configured in context.xml, this is unnoticed by JAASRealm.

The result is that during authentication, when the subject's principals are checked against the configured class names, the principals are not recognised, and therefore not added to the subject.

The fact that an incorrectly configured class name is currently not detected and logged makes it very hard to find the source of the problem. It can be easily fixed by checking the class names in the two methods mentioned above. The class must exist, and it must implement java.security.Principal, which is currently not enforced/checked by the code.
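The check the report proposes (the class must exist and must implement java.security.Principal), written out as an added example. It is not part of the original report and is not Tomcat's code: the class PrincipalClassNames, its parse() method and the sample class names are hypothetical, and resolving names through the thread context class loader is an assumption.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

// Added example, not Tomcat code: PrincipalClassNames and parse() are hypothetical names.
public class PrincipalClassNames {

    /** Splits a comma-separated list and keeps only names that load and implement Principal. */
    static List<String> parse(String classNames, ClassLoader loader, String label) {
        List<String> accepted = new ArrayList<>();
        if (classNames == null) {
            return accepted;
        }
        for (String raw : classNames.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) {
                continue;
            }
            try {
                // initialize=false: resolve the class without running its static initializers
                Class<?> c = Class.forName(name, false, loader);
                if (Principal.class.isAssignableFrom(c)) {
                    accepted.add(name);
                } else {
                    // Exists, but can never match a Subject principal: report it instead of ignoring it
                    System.err.println(label + ": " + name + " does not implement java.security.Principal");
                }
            } catch (ClassNotFoundException | LinkageError e) {
                // Typo or missing jar: the case the report says is silently ignored
                System.err.println(label + ": cannot load " + name + " (" + e + ")");
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Assumption: the context class loader can see the configured principal classes
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        // Constructed input: one valid name, one typo, one class that is not a Principal
        String configured = "javax.security.auth.x500.X500Principal, "
                + "javax.security.auth.x500.X500Principle, java.lang.String";
        List<String> ok = parse(configured, cl, "userClassNames");
        System.out.println("accepted: " + ok);
    }
}
```

With the constructed input only javax.security.auth.x500.X500Principal is accepted; the misspelled name and java.lang.String each produce a message at configuration time rather than a silent mismatch during authentication.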
