- Original Message - From: "Brad O'Hearne"
<[EMAIL PROTECTED]>
To: "Tomcat Developers List"
Sent: Thursday, October 20, 2005 8:35 PM
Subject: Bug in RealmBase, JAASRealm, and/or Requestt object
preventing proper role authorization
All,
All,
I have discovered a bug in role authorization when using a JAASRealm and
custom user / role principals. In a nutshell, successful authentication in
the JAASRealm over a custom JAAS login module results in the JAASRealm
pulling the user principal and role principals out of the authenticated
I just configured a JAASRealm and a login module for it that authenticates
users. I've gotten that to work just fine. But in the process I discovered
something very strange. My loging module relies on mail.jar, the JavaMail
API. I put my login module and its dependency jars into the common/lib
Hello,
I have a really bizarre problem -- I have a JAAS login module
configured via a JAASRealm in the server.xml file, and this login
module relies on mail.jar (JavaMail API). I have placed the mail.jar
and required activation.jar, and my login module jar in the common/
lib directory. In
day 19 October 2005 07:15 am, Yoav Shapira wrote:
> Hi,
> You'd need to cast as follows:
>
> Principal mydude = request.getUserPrincipal();
> if(mydude instanceof GenericPrincipal) {
> mydude = ((GenericPrincipal) mydude).getUserPrincpal();
> }
>
> Yoav
>
> ---
After several days of questions on the user mailing list surrounding
this issue, I received an answer today which I need to confirm with any
of the developers out there. Basically, I am using Tomcat 5.0.28, and
using the JAAS realm for authentication and authorization. In my JAAS
login module,
