tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BURRIEL Emmanuel <EBURR...@micropole-univers.com>
Subject catalina (tomcat 5.0.16) JAASRealm and GenericPrincipal and Me
Date Thu, 15 Jan 2004 16:49:15 GMT
I am trying to implement my own JAAS LoginModule.

I configure server.xml
<Realm className="org.apache.catalina.realm.JAASRealm"
                 debug="99" 
                 appName="NadejJAAS" 
                 userClassName="com.micropole.jaas.memory.UserPrincipal"
                 roleClassName="com.micropole.jaas.memory.RolePrincipal"
                 />
                 
My LoginModule works fine until i need to populate Principal in the commit()
method.

Kind of result:

		[MemoryLoginModule] user entered user name: testUser
		[MemoryLoginModule] user entered password: testPassword
		[MemoryLoginModule] authentication succeeded

And finnaly i get a 403 : forbidden access to ressource ....

I find an explication in the following method of RealmBase.hasRole(Principal
principal, String role) 

In fact, i populate with my own Principal (RolePrincipal) but
Tomcat rejects my user because it is waiting for a GenericPrincipal.
 
JAASRealm seems to use public boolean hasRole(Principal principal, String
role) 
inherited from RealmBase with the following code :

public boolean hasRole(Principal principal, String role) {

        // Should be overriten in JAASRealm - to avoid pretty inefficient
conversions
        if ((principal == null) || (role == null) ||
            !(principal instanceof GenericPrincipal))
            return (false);

        GenericPrincipal gp = (GenericPrincipal) principal;
        if (!(gp.getRealm() == this)) {
            log.debug("Different realm " + this + " " + gp.getRealm());//
return (false);
        }
        boolean result = gp.hasRole(role);
        if (log.isDebugEnabled()) {
            String name = principal.getName();
            if (result)
                log.debug(sm.getString("realmBase.hasRoleSuccess", name,
role));
            else
                log.debug(sm.getString("realmBase.hasRoleFailure", name,
role));
        }
        return (result);

    }
    
 Two things :
 1 - the comment says that it should be re-implemented in JAASRealm but it
is not done.
 2 - This implementation depends on a GenericPrincipal class specific to
Catalina packages.
 
 Maybe somebody is working about this JAASRealm and can help me to be able
to write a LoginModule that is not compiling depend of Catalina but usable
with Catalina.   
 
 A bonus question : why using two principals in server.xml realm tag if we
are using in one code?
 
 It seems there is an error in the manual (Realm Element Attributes Table
seems to talk about MemoryRealm instead of JAASRealm).
 
 Thanks in advance for any help. 

Emmanuel BURRIEL


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message