tomcat-users mailing list archives

From Brad O'Hearne <br...@neurofire.com>
Subject Tomcat 5.5.12 -- Roles being "lost" and causing authorization to fail
Date Fri, 21 Oct 2005 01:46:51 GMT
Hey all,

I just got a JAASRealm working in Tomcat, successfully authenticating against 
my login module. In my login module, I am successfully storing a role 
principal "manager" inside the authenticated subject, which Tomcat logging 
confirms. Immediately after authentication, Tomcat then tries to authorize 
the request to forward to the expected URL, which is protected by container 
managed security (i.e. web.xml) and allowing access to role user "manager". 
The problem is that even though I am successfully storing the role principal 
for the manager role in my subject, Tomcat's RealmBase is not finding the 
role, and authorization is failing, hence the request errors out. The log is 
below; can anyone help me out with why this is failing? 

Thanks, 

Brad

20-10 13:59:06,322 DEBUG (JAASRealm.java:authenticate:393)  -JAAS LoginContext 
created for username "brado"
20-10 13:59:06,324 DEBUG (JAASRealm.java:createPrincipal:476)  -Checking 
Principal "Principal: 
name=brado" [com.redbarnsoftware.web.security.UserPrincipal]
20-10 13:59:06,325 DEBUG (JAASRealm.java:createPrincipal:482)  -Principal 
"brado" is a valid user class. We will use this as the user Principal.
20-10 13:59:06,326 DEBUG (JAASRealm.java:createPrincipal:476)  -Checking 
Principal "Principal: 
name=manager" [com.redbarnsoftware.web.security.RolePrincipal]
20-10 13:59:06,327 DEBUG (JAASRealm.java:createPrincipal:489)  -Adding role 
Principal "manager" to this user Principal's roles
20-10 13:59:06,341 DEBUG (JAASRealm.java:authenticate:402)  -Username "brado" 
successfully authenticated as Principal "{1}" -- Subject was created too
20-10 13:59:06,358 DEBUG (CoyoteAdapter.java:parseSessionCookiesId:410)  - 
Requested cookie session id is 43C9C12A1726C5075DD45209A3967014
20-10 13:59:06,359 DEBUG (SingleSignOn.java:invoke:342)  -Process request for 
'/iocaine/'
20-10 13:59:06,360 DEBUG (SingleSignOn.java:invoke:353)  - Checking for SSO 
cookie
20-10 13:59:06,361 DEBUG (SingleSignOn.java:invoke:373)  - Checking for cached 
principal for 91F06522EDD456D4AD2B0269570839A1
20-10 13:59:06,368 DEBUG (SingleSignOn.java:invoke:388)  - No cached principal 
found, erasing SSO cookie
20-10 13:59:06,369 DEBUG (RealmBase.java:findSecurityConstraints:461)  -  
Checking constraint 'SecurityConstraint[iocaine]' against 
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,370 DEBUG (RealmBase.java:findSecurityConstraints:505)  -  
Checking constraint 'SecurityConstraint[iocaine]' against 
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,371 DEBUG (RealmBase.java:findSecurityConstraints:571)  -  
Checking constraint 'SecurityConstraint[iocaine]' against 
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,372 DEBUG (RealmBase.java:findSecurityConstraints:628)  -  
Checking constraint 'SecurityConstraint[iocaine]' against 
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,373 DEBUG (RealmBase.java:hasUserDataPermission:847)  -  User 
data constraint has no restrictions
20-10 13:59:06,680 DEBUG (SingleSignOn.java:register:576)  -Registering sso id 
'1F6A37C1E95F8026BB25A6420E6B6B3A' for user 'brado' with auth type 'FORM'
20-10 13:59:06,698 DEBUG (SingleSignOn.java:associate:431)  -Associate sso id 
1F6A37C1E95F8026BB25A6420E6B6B3A with session 
StandardSession[43C9C12A1726C5075DD45209A3967014]
20-10 13:59:06,703 DEBUG (RealmBase.java:hasResourcePermission:737)  -  
Checking roles Principal: name=brado
20-10 13:59:06,704 DEBUG (RealmBase.java:hasResourcePermission:766)  -No role 
found:  manager

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
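
An added example, not part of the post above and not Tomcat code: a Python sketch that rejoins the mail-wrapped log entries and reports any role that JAASRealm logs as added but RealmBase.hasResourcePermission later logs as not found, together with the principal string RealmBase says it checked. The function names are hypothetical, and the sample input is copied from four entries of the log in the post.

```python
import re

# Sample input: four entries copied from the log in the post, still wrapped
# the way the mail client left them.
SAMPLE_LOG = """\
20-10 13:59:06,327 DEBUG (JAASRealm.java:createPrincipal:489)  -Adding role
Principal "manager" to this user Principal's roles
20-10 13:59:06,373 DEBUG (RealmBase.java:hasUserDataPermission:847)  -  User
data constraint has no restrictions
20-10 13:59:06,703 DEBUG (RealmBase.java:hasResourcePermission:737)  -
Checking roles Principal: name=brado
20-10 13:59:06,704 DEBUG (RealmBase.java:hasResourcePermission:766)  -No role
found:  manager
"""

# A new entry starts with the "dd-MM HH:mm:ss,SSS " timestamp seen in the post.
ENTRY_START = re.compile(r"^\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
ENTRY = re.compile(r"^\S+ \S+ \w+ \((\w+)\.java:\w+:\d+\)\s*-\s*(.*)$")

def unwrap(text):
    """Rejoin continuation lines onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return [re.sub(r"\s+", " ", e) for e in entries]

def lost_roles(text):
    """Return (role, checked_principal) for roles granted at login but not
    found at authorization. A denial for a never-granted role is ignored."""
    granted, checked, lost = set(), None, []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        cls, msg = m.groups()
        if cls == "JAASRealm" and (g := re.match(r'Adding role Principal "([^"]+)"', msg)):
            granted.add(g.group(1))
        elif cls == "RealmBase" and msg.startswith("Checking roles "):
            checked = msg[len("Checking roles "):]
        elif cls == "RealmBase" and (d := re.match(r"No role found: (\S+)", msg)):
            if d.group(1) in granted:
                lost.append((d.group(1), checked))
    return lost

if __name__ == "__main__":
    print(lost_roles(SAMPLE_LOG))
```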

