JAAS Realm not working since 5.5.10 (possible solution provided)

2005-11-17 Thread Markus Plail
Hi there!

I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use JAAS
realm with a custom implementation of LoginModule. I couldn't
authenticate myself with any of the username password combinations. So I
tried 5.5.11 and 5.5.10 but nothing changed.

The debug trace looked very strange (see my post on tomcat-user), so I
decided to dig into the code and see what is happening. To make a long
story short, I think I found a bug.

In RealmBase hasResourcePermission(...) calls request.getUserPrincipal()
to get the principal and then calls hasRole(...) to see if the principal
has the necessary role. hasRole(...) only succeeds if the principal is
an instance of GenericPrincipal, but request.getUserPrincipal() checks
if the principal is an instance of GenericPrincipal and if this is the
case, it returns the underlying principal.
Thus I don't think that a JAASRealm-based login can ever succeed in
Tomcat > 5.5.9.

I removed the if clause and just return the principal and now my login
is working beautifully again.

Hope this helps
regards
Markus


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
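
A simplified model of the mismatch described in the message above, as an added example that is not part of the original post and is not Tomcat source code. The names RolePrincipal, getUserPrincipalUnwrapping and getUserPrincipalAsStored are hypothetical stand-ins for GenericPrincipal and the two behaviours of request.getUserPrincipal() that the post contrasts.

```java
import java.security.Principal;
import java.util.Set;

// Simplified model of the behaviour described in the post. All class and
// method names are hypothetical stand-ins, not Tomcat source.
public class PrincipalUnwrapDemo {

    // Stand-in for the container's wrapper principal that carries the roles.
    static final class RolePrincipal implements Principal {
        final Principal userPrincipal;   // principal produced by the LoginModule
        final Set<String> roles;

        RolePrincipal(Principal userPrincipal, Set<String> roles) {
            this.userPrincipal = userPrincipal;
            this.roles = roles;
        }

        @Override
        public String getName() { return userPrincipal.getName(); }
    }

    // Role check as described: only the role-carrying wrapper can pass it.
    static boolean hasRole(Principal p, String role) {
        return p instanceof RolePrincipal && ((RolePrincipal) p).roles.contains(role);
    }

    // Accessor as described for versions after 5.5.9: unwraps before returning.
    static Principal getUserPrincipalUnwrapping(Principal stored) {
        if (stored instanceof RolePrincipal) {
            return ((RolePrincipal) stored).userPrincipal;
        }
        return stored;
    }

    // Accessor after the poster's local change: returns the principal as stored.
    static Principal getUserPrincipalAsStored(Principal stored) {
        return stored;
    }

    public static void main(String[] args) {
        Principal jaasUser = () -> "alice";   // constructed sample user
        Principal stored = new RolePrincipal(jaasUser, Set.of("admin"));

        // The role check receives the unwrapped principal, which has no roles.
        System.out.println(hasRole(getUserPrincipalUnwrapping(stored), "admin"));
        // The role check receives the wrapper, so the role lookup can run.
        System.out.println(hasRole(getUserPrincipalAsStored(stored), "admin"));
    }
}
```

The failure in this model is fail-closed: a user with valid credentials and the right role is refused, which matches the symptom reported in the post.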



Re: JAAS Realm not working since 5.5.10 (possible solution provided)

2005-11-20 Thread Markus Plail
Markus Plail <[EMAIL PROTECTED]> writes:
> I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use JAAS
> realm with a custom implementation of LoginModule. I couldn't
> authenticate myself with any of the username password combinations. So
> I tried 5.5.11 and 5.5.10 but nothing changed.
>
> The debug trace looked very strange (see my post on tomcat-user), so I
> decided to dig into the code and see what is happening. To make a long
> story short I think I found a bug.
>
> In RealmBase hasResourcePermission(...) calls
> request.getUserPrincipal() to get the principal and then calls
> hasRole(...) to see if the principal has the necessary
> role. hasRole(...) only succeeds if the principal is an instance of
> GenericPrincipal, but request.getUserPrincipal() checks if the
> principal is an instance of GenericPrincipal and if this is the case,
> it returns the underlying principal. Thus I don't think that a
> JAASRealm-based login can ever succeed in Tomcat > 5.5.9.
>
> I removed the if clause and just return the principal and now my login
> is working beautifully again.

Not a single answer? Can't it be reproduced, or what's the problem with
my problem? If I am right, it would be a significant issue, wouldn't it?

regards
Markus

