tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Torsten" <d...@luniks.net>
Subject "Checking roles GenericPrincipal" sporadically gets wrong roles
Date Tue, 18 Oct 2005 21:18:59 GMT
Hello,

I hope it is OK that I post here, as the problem I have is actually with
Tomcat in JBoss 4.0.3.
I have secured a servlet with a security constraint using BASIC
authentication. I have declared a JAAS security domain in jboss-web.xml
which is using a MySQL database with two simple tables for users and
roles.
It all works fine, but when I "bomb" the servlet with many concurrent HTTP
POST requests, authentication sporadically fails.
In the logfile I can see the following:

2005-10-18 21:41:17,073 DEBUG [org.apache.catalina.realm.RealmBase]  
Checking roles GenericPrincipal[appuser1(SOMServlet,SOMapp1,guest,)]2005-10-18 21:41:17,073
DEBUG [org.apache.catalina.realm.RealmBase]
Username appuser1 has role SOMServlet2005-10-18 21:41:17,075 DEBUG [org.apache.catalina.realm.RealmBase]
 
Checking roles GenericPrincipal[appuser2(SOMServlet,SOMapp1,guest,)]2005-10-18 21:41:17,075
DEBUG [org.apache.catalina.realm.RealmBase]
Username appuser2 has role SOMServlet
Here, user appuser2 gets the role SOMapp1, which is definetely wrong, as
the roles are defined as:
mysql> select * from JMS_ROLES;
+--------------+----------+
| ROLEID       | USERID   |
+--------------+----------+
| guest        | appuser1 |
| SOMapp1      | appuser1 |
| SOMServlet   | appuser1 |
| guest        | appuser2 |
| SOMapp2      | appuser2 |
| SOMServlet   | appuser2 |
| guest        | guest    |
| guest        | servlet  |
| SOMAllQueues | servlet  |
+--------------+----------+

Now I wonder if this is could be an issue with JBoss AS JAAS security
domain, or with Tomcat?
Thanks,
Torsten



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message