tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40150] - Incorrect User/Role classnames are silently ignored.
Date Tue, 01 Aug 2006 09:00:04 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40150>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.


------- Additional Comments From vandenberget@aciworldwide.com  2006-08-01 09:00 -------
Created an attachment (id=18668)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=18668&action=view)
Proposed fixed version of JAASRealm.

This version of JAASRealm validates the class names for setUserClassNames and
setRoleClassNames. It verifies if the class exists, and if it implements
java.security.Principal. If not, it logs a message (severe), that allows users
to detect the incorrect class name.

It might even be better if it threw an exception.

I've also restructured the code to parse the comma-delimited class name string,
as it was rather inefficient. It uses a StringTokenizer now.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
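
The check described in the comment above, sketched as an added example; this is not the attached JAASRealm and not Tomcat's code. The class `PrincipalClassNameValidator`, its `validate` method and the `failFast` flag (which models the "throw an exception" alternative) are hypothetical names, and the input string in `main` is constructed.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical helper, not Tomcat code: validates a comma-delimited list of
// Principal class names such as the value passed to setUserClassNames().
public class PrincipalClassNameValidator {
    private static final Logger log =
            Logger.getLogger(PrincipalClassNameValidator.class.getName());

    /** Returns only the names that load and implement java.security.Principal. */
    public static List<String> validate(String classNames, boolean failFast) {
        List<String> accepted = new ArrayList<>();
        if (classNames == null) {
            return accepted;
        }
        // Assumption: this class's loader is used; a container would pick its own.
        ClassLoader loader = PrincipalClassNameValidator.class.getClassLoader();
        StringTokenizer st = new StringTokenizer(classNames, ", ");
        while (st.hasMoreTokens()) {
            String name = st.nextToken();
            String problem = null;
            try {
                // initialize=false: inspect the type without running static initializers
                Class<?> c = Class.forName(name, false, loader);
                if (!Principal.class.isAssignableFrom(c)) {
                    problem = "does not implement java.security.Principal";
                }
            } catch (ClassNotFoundException | LinkageError e) {
                problem = "cannot be loaded: " + e;
            }
            if (problem == null) {
                accepted.add(name);
            } else if (failFast) {
                throw new IllegalArgumentException("Class " + name + " " + problem);
            } else {
                log.log(Level.SEVERE, "Class {0} {1}", new Object[] {name, problem});
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed input: a real Principal, a non-Principal, and a misspelled name.
        String names = "javax.security.auth.x500.X500Principal, java.lang.String, com.example.NoSuchRole";
        System.out.println(validate(names, false)); // only the X500Principal entry is accepted
    }
}
```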

