This is a question for the users list. And a review of the recent archives for that list will find a similar question along with a solution.
Mark On 18/09/2019 11:35, Mehta, Vipul wrote: > In case of Kerberos authentication of user with tomcat webapp via > browser, we are facing issue with following class in tomcat version 7.0.96: > > https://github.com/apache/tomcat/blob/7.0.x/java/org/apache/catalina/connector/Request.java > > > > public Principal getUserPrincipal() > > => return ((GenericPrincipal) userPrincipal).getUserPrincipal(); #LINE-2650 > > > > This returns javax.security.auth.kerberos.KerberosPrincipal instance > using which it is not possible to get the actual delegated credential. > > Shouldn’t it simply return GenericPrincipal instance which contains > KerberosPrincipal as well as delegated GSSCredential ? > > > > We are using following realm config in server.xml: > > <Realm allRolesMode="authOnly" appName="Tomcat" > className="org.apache.catalina.realm.JAASRealm" > roleClassNames="org.apache.catalina.realm.GenericPrincipal" > stripRealmForGss="false" useContextClassLoader="false" > userClassNames="org.apache.catalina.realm.GenericPrincipal, > javax.security.auth.kerberos.KerberosPrincipal"/> > > > > > > Thanks, > > Vipul > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
