Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Message-ID: <3F520137.1010100@cyberspaceroad.com>
Date: Sun, 31 Aug 2003 16:07:51 +0200
From: Adam Hardy <ahardy.struts@cyberspaceroad.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030701
MIME-Version: 1.0
To: tomcat-user@jakarta.apache.org
Subject: JAASRealm with Basic Authentication
References: 
 <OFB1092B34.23DB3E0D-ONC1256D8F.002EF66F-C1256D8F.002F2835@cellzome.de>
 <3F4DD187.60800@cyberspaceroad.com>
In-Reply-To: <3F4DD187.60800@cyberspaceroad.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

I am trying to run my JAASRealm implementation, and I have it working
successfully on my own apps using Form-based authentication, but when I
try to use it for tomcat's manager tool (configured in
webapps/manager.xml) or any other app using basic authentication, I have
problems.

First of all tomcat throws a NullPointerException which originates from:

Caused by: java.lang.NullPointerException
	at
org.apache.catalina.realm.JAASCallbackHandler.handle(JAASCallbackHandler.java:156)
	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:812)


At this point, the browser has just got the authentication request and
it shows me the basic authentication dialog. Then when I submit, with
the wrong password, I get the retry? dialog, but with the correct
password, tomcat gives me a 403: access denied.

I can see in tomcat's source that JAASCallbackHandler is not handling a
null password, but I don't understand why it is being passed a null
password. I think there must be an exception in
auth.login.LoginContext.run() which is being swallowed, resulting in
null user & pw parameters being passed.

Any help appreciated!
Adam