tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: [PROPOSAL] Remove Realm from GenericPrincipal
Date Fri, 17 Jul 2009 02:59:31 GMT
2009/7/17 Mark Thomas <>:
> As a result of looking into
>, I discovered
> that the only use made of the Realm attribute of GenericPrincipal is to
> control whether or not a debug message is logged in RealmBase.hasRole()

Looking at

That revision comment says about switch to commons-logging, but
besides just that the
"if (!(gp.getRealm() == this))" block was changed from returning false
to just logging a message.
I am not sure, that it was intentional.

Or there was really a bug with jaas, that this change fixed?

Is there a use case, besides replication, where a Principal is
processed in context of some other realm, some other realm instance,
different from the one that created it?

> Given that the Realm is the reason that GenericPrincipal is not
> Serializable, I'd like to propose the following changes for Tomcat 7.
> 1. Remove the Realm from GenericPrincipal
> 2. Make GenericPrincipal Serializable
> 3. Take advantage of this to simplify the Cluster code

I think "3." includes removing the
o.a.c.cluster.session.SerializablePrincipal class

> As a by product, this should also address bug 40881 by allowing any
> Realm that uses any Serializable Principal to work with clustering.

I attached a patch to that issue, see comment #12:
It is to allow a serializable Principal to be written out and read in
during replication.

Cannot test it, though, as I do not have relevant configuration now.

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message