From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Subject: DO NOT REPLY [Bug 40150] - Incorrect User/Role classnames are silently ignored.
Message-Id: <20060801090004.A54DF410011@brutus.apache.org>
Date: Tue, 1 Aug 2006 09:00:04 +0000 (GMT)

http://issues.apache.org/bugzilla/show_bug.cgi?id=40150

------- Additional Comments From vandenberget@aciworldwide.com 2006-08-01 09:00 -------

Created an attachment (id=18668) --> (http://issues.apache.org/bugzilla/attachment.cgi?id=18668&action=view)
Proposed fixed version of JAASRealm.

This version of JAASRealm validates the class names for setUserClassNames and setRoleClassNames. It verifies if the class exists, and if it implements java.security.Principal. If not, it logs a message (severe), that allows users to detect the incorrect class name. It might even be better if it threw an exception.

I've also restructured the code to parse the comma-delimited class name string, as it was rather inefficient. It uses a StringTokenizer now.