tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Web app classloader loading JAAS LoginModule instead of server
Date Mon, 12 Nov 2007 21:29:08 GMT
> From: Andrew R Feller [mailto:afelle1@lsu.edu] 
> Subject: Web app classloader loading JAAS LoginModule instead 
> of server
> 
> we found that the Hibernate login module was being initialized 
> not by the server's classloader but the webapp's classloader!
> As we want to have different Realms declared for each web
> application, we don't want to set a realm and security
> constraints at the server level.

I'm confused; since you want different Realms for each webapp, isn't the
above observed behavior also the desired behavior?

> Whenever the application was being initialized, then its 
> hibernate.cfg.xml was loaded up from /WEB-INF/classes by
> the webappClassLoader.  Later on whenever the protected
> resource was requested and the JAAS login module was invoked,
> the login module was ALSO loaded by the webappClassLoader

So the same login module was loaded by the same classloader twice?  Or
is there an error in the above statement?

> the hibernate.cfg.xml it requested was loaded from the
> webappClassLoader's cache instead of searching for the
> one in server/classes.

Since you want separate Realms for each webapp, isn't the above what you
want?

> 1.	Why is the webapp's classloader loading classes for the login
> module?  Is this the intended behavior?

Depends on where your <Realm> is declared.  Take a look at:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Configuring%20a
%20Realm

> 2.	How is it possible to make Tomcat initialize the login module
> without the login module being declared for the entire server?

Again, see the above link.  From your description, it looks like you've
already achieved what you want.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message