[Bug 62309] New: JASPIC with Security Manager

Tue, 17 Apr 2018 03:42:07 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=62309

            Bug ID: 62309
           Summary: JASPIC with Security Manager
           Product: Tomcat 8
           Version: 8.5.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: p...@silbergrau.com
  Target Milestone: ----

Any not mandatory requests will throw following error when the Security Manager
is enabled:


SCHWERWIEGEND: Exception Processing /login/login.jsp
java.lang.SecurityException: Es wird versucht, ein Objekt hinzuzufügen, das
keine Instanz von java.security.Principal für eine Principal-Gruppe eines
Subjekts ist
        at javax.security.auth.Subject$SecureSet.add(Subject.java:1125)
        at
java.util.Collections$SynchronizedCollection.add(Collections.java:2035)
        at org.apache.catalina.connector.Request.newSubject(Request.java:1969)
        at
org.apache.catalina.connector.Request.setUserPrincipal(Request.java:1953)
        at
org.apache.catalina.authenticator.AuthenticatorBase.authenticateJaspic(AuthenticatorBase.java:765)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:562)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:486)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Sorry for the German error message, but the it basically says that it is not
allowed to add 'null' as a principal to the Subject.
This is when I forward the user to the login page where I can't have a
Principal because the user is not logged in yet.
And for not mandatory requests I shouldn't require a principal at all or I'm
completely wrong?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to