tomcat-users mailing list archives

From Brad O'Hearne <br...@neurofire.com>
Subject Re: Bug in RealmBase, JAASRealm, and/or Request object preventing proper role authorization
Date Fri, 21 Oct 2005 04:42:59 GMT
Chuck,

The JAASRealm takes whatever user principal you have and the role principal you have added to the subject, and creates a new GenericPrincipal class, containing both your user principal and your role principal. I do not think it populates your custom user principal with roles. The problem is in the request.getUserPrincipal() method, which pulls the user principal out of the wrapper. The hasRole wants a GenericPrincipal containing the roles. So since the method is getting your custom user principal, not the wrapper that the realm has created, you have to populate your custom user principal with the roles.

Btw, it appears that this was already logged as a bug:

http://issues.apache.org/bugzilla/show_bug.cgi?id=37044

B
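The workaround the thread describes, as an added example and not code from the thread or from Tomcat: a JAAS LoginModule whose user principal subclasses GenericPrincipal so it carries its own roles, while still adding separate role principals for JAASRealm to collect. AppUserPrincipal, AppRolePrincipal, AppLoginModule and the in-memory user table are all hypothetical; the GenericPrincipal constructor signature used is the Tomcat 7 to 10.0 one, and Map.of/List.of need Java 9 or later.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.catalina.realm.GenericPrincipal;

// Hypothetical user principal: because it extends GenericPrincipal, the object that
// request.getUserPrincipal() hands back carries its own role list, so hasRole() works.
class AppUserPrincipal extends GenericPrincipal {
    // (name, password, roles) is the Tomcat 7-10.0 constructor; Tomcat 5.5 took a Realm first.
    AppUserPrincipal(String name, List<String> roles) { super(name, null, roles); }
}
// Hypothetical role principal, the class named in JAASRealm's roleClassNames attribute.
class AppRolePrincipal implements Principal {
    private final String name;
    AppRolePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
}
public class AppLoginModule implements LoginModule {
    // Constructed in-memory user table standing in for a directory or database lookup.
    private static final Map<String, List<String>> ROLES = Map.of("alice", List.of("manager"));
    private Subject subject; private CallbackHandler handler; private String user;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] {nc, pc}); }
        catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.getMessage()); }
        // Constructed credential check; real code verifies against a credential store.
        boolean ok = ROLES.containsKey(nc.getName()) && Arrays.equals(pc.getPassword(), "secret".toCharArray());
        pc.clearPassword();
        if (!ok) throw new LoginException("bad credentials");
        user = nc.getName();
        return true;
    }
    public boolean commit() {
        List<String> roles = ROLES.get(user);
        // The user principal carries the roles itself; role principals are added as well for JAASRealm.
        subject.getPrincipals().add(new AppUserPrincipal(user, roles));
        for (String r : roles) subject.getPrincipals().add(new AppRolePrincipal(r));
        return true;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }
}
```

Note that when the user principal lacks the roles, RealmBase.hasRole simply returns false, so the failure mode is a denied request rather than an unintended grant.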

On Oct 20, 2005, at 9:25 PM, Caldarale, Charles R wrote:

>> From: Brad O'Hearne [mailto:brado@neurofire.com]
>> Subject: Re: Bug in RealmBase, JAASRealm, and/or Request
>> object preventing proper role authorization
>>
>> So in the JAAS login module, what you would have to do
>> is instantiate a user principal that is a subclass of
>> GenericPrincipal for your user principal, then add your
>> role principals to that user principal, and then add the
>> user principal and all the role principals to the subject.
>>
>
> No, you don't need to go through those steps yourself, since the
> JAASRealm will do it for you.
>
>
>> What an ugly hack though.
>>
>
> I guess I don't see the ugliness - that's what subclassing is for.
> Would be nice if the behavior were actually documented...
>
>  - Chuck


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

