tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
Date Thu, 29 Jul 2004 02:40:25 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28631>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28631

JAASRealm fix to permit user-specified user/group Principals





------- Additional Comments From arjaquith@mindspring.com  2004-07-29 02:40 -------
Two issues preventing me from writing test cases:

1) It isn't clear how to do that.

There isn't much documentation on how testing works; I was a but put off by that initially.
After some 
investigation, I found jakarta-tomcat-catalina/tester/src/bin/tester.xml, which indeed appears
to be an 
Ant file that performs out-of-container HTTP testing. So, sure, I can see how, if the container
were 
configured to use my JAASRealm patch, I could re-test the authentication tests in jakarta-tomcat-
catalina/tester/src/tester/org/apache/tester/Authentication0*.java.

Sounds simple, but it all turns on the phrase "if the container were configured to use my
JAASRealm 
patch." All of the tests use, by default, uses UserDatabaseRealm. How could I make Tomcat
use 
JAASRealm instead? It appears that I would need to either:
- Create a custom context descriptor for the "tester" webapp that uses JAASRealm
- Edit the existing conf/server.xml file
... as well as cause the test script to bounce the server and re-load it with the new context
descriptor. 
Aha. To do this, now I need to hack the tester.xml Ant script.

I have *never* written a Tomcat test case before, so this is just my best guess on what it
would take. 
Am I wrong?

2) I'm not sure what it would contain. 

Remember that JAASRealm needs an implementation of a JAAS LoginModule to function. There isn't
one 
supplied with Tomcat, so this means I'd need to:
- Create a dummy LoginModule that authenticates certain hard-coded users but not others (e.g.,
"Fred/
bedrock" but not "Barney/feet")
- Create a "sample" LoginModule that authenticates against an existing user registry, like
tomcat-
users.xml. But that seems like real work to me; I might as well port MemoryRealm to JAAS while
I'm at 
it. (Which is essentially what I'd be doing). 

Frankly, this seems like a lot of bother for a patch that I *know* works; is has been in production
on my 
personal wiki for about three months. I can do it if you want to, as long as you accept that
this means 
that there will be quite a bit of changes to certain build files, and other things.

What is the best path forward? The key issue here is lack of flexibility in the test scripts,
which don't 
permit changing Realms for exercising authentication tests.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message