RE: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Caldarale, Charles R
> From: Brad O'Hearne [mailto:[EMAIL PROTECTED] > Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt > object preventing proper role authorization > > The JAASRealm takes whatever user principal you have and the role > principal you have added to the sub

Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Brad O'Hearne
mBase, JAASRealm, and/or Requestt object preventing proper role authorization So in the JAAS login module, what you would have to do is instantiate a user principal that is a subclass of GenericPrinicipal for your user principal, then add your role principals to that user principal, and then add the

RE: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Caldarale, Charles R
> From: Brad O'Hearne [mailto:[EMAIL PROTECTED] > Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt > object preventing proper role authorization > > So in the JAAS login module, what you would have to do > is instantiate a user principal that is a subclass of

Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Brad O'Hearne
principal, and broke role authorization. Alasa regression test that escaped... :-) B On Oct 20, 2005, at 9:09 PM, Caldarale, Charles R wrote: From: Brad O'Hearne [mailto:[EMAIL PROTECTED] Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role author

RE: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Caldarale, Charles R
> From: Brad O'Hearne [mailto:[EMAIL PROTECTED] > Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt > object preventing proper role authorization > > If you wanted to try to game the authorization, you'd have to > take your role principal, shove it into the

Re: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Brad O'Hearne
f the code. B Caldarale, Charles R wrote: From: Brad O'Hearne [mailto:[EMAIL PROTECTED] Subject: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization When this statement executes, principal is not a GenericPrincipal, by merits of the request'

RE: Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Caldarale, Charles R
> From: Brad O'Hearne [mailto:[EMAIL PROTECTED] > Subject: Bug in RealmBase, JAASRealm, and/or Requestt object > preventing proper role authorization > > When this statement executes, principal is not a > GenericPrincipal, by merits of the request's > getUserPr

Bug in RealmBase, JAASRealm, and/or Requestt object preventing proper role authorization

2005-10-20 Thread Brad O'Hearne
All, I have discovered a bug in role authorization when using a JAASRealm and custom user / role principals. In a nutshell, successful authentication in the JAASRealm over a custom JAAS login module results in the JAASRealm pulling the user principal and role principals out of the authenticated