Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

ll Barker wrote: > > > http://issues.apache.org/bugzilla/show_bug.cgi?id=37044 > > > > - Original Message - From: "Brad O'Hearne" > > <[EMAIL PROTECTED]> > > To: "Tomcat Developers List" > > Sent: Thursday, October 20, 20

Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

- Original Message - From: "Brad O'Hearne" <[EMAIL PROTECTED]> To: "Tomcat Developers List" Sent: Thursday, October 20, 2005 8:35 PM Subject: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization All,

Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

http://issues.apache.org/bugzilla/show_bug.cgi?id=37044 - Original Message - From: "Brad O'Hearne" <[EMAIL PROTECTED]> To: "Tomcat Developers List" Sent: Thursday, October 20, 2005 8:35 PM Subject: Bug in RealmBase, JAASRealm, and/or Requestt

Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

All, I have discovered a bug in role authorization when using a JAASRealm and custom user / role principals. In a nutshell, successful authentication in the JAASRealm over a custom JAAS login module results in the JAASRealm pulling the user principal and role principals out of the authenticated