tomcat-dev mailing list archives

From Brad O'Hearne <br...@neurofire.com>
Subject Accessing a custom user principal from a JAAS Realm
Date Tue, 18 Oct 2005 04:43:13 GMT
After several days of questions on the user mailing list surrounding 
this issue, I received an answer today which I need to confirm with any 
of the developers out there. Basically, I am using Tomcat 5.0.28, and 
using the JAAS realm for authentication and authorization. In my JAAS 
login module, I am setting the user principal as a custom Principal 
implementation configured in server.xml. Here's my server.xml realm setup:

<Realm className="org.apache.catalina.realm.JAASRealm"
    appName="imap"
    userClassNames="com.redbarnsoftware.web.security.UserPrincipal"
    roleClassNames="com.redbarnsoftware.web.security.RolePrincipal"  
    debug="99" />

My authentication across my login module works just fine. But in my 
subsequent servlets, when I invoke the request.getUserPrincipal() 
method, I am not returned my user principal class type, but I am instead 
returned a GenericPrincipal, and there's no way to get at my custom user 
principal class.

Someone on the user list said that though it should be supported, 
retrieving custom user principals wasn't supported for the JAAS realm. I
just wanted to confirm this with the developers, because it's hard for me
to imagine how the Java platform's authentication / authorization API is 
not fully supported in a mature app like Tomcat -- it sounded a little 
weird to me. So if someone could confirm this, that would really help.

Secondly, if it is in fact unsupported, I would like to inquire 1) if 
this feature is planned and if so, when, and 2) what is required to 
implement this in the present Tomcat architecture. I'd like to consider 
adding this, as it is pretty much the type of hole that can be a
deal-killer for Tomcat from a security standpoint.

Thanks for your help.

Cheers,

Brad
