tomcat-users mailing list archives

From "Liyi Meng" <>
Subject JAAS authentication goes OK, but 403 occurs on requesting resources
Date Tue, 01 Apr 2008 12:21:59 GMT
Hi all,

I am trying JAAS in Tomcat, but have hit a really frustrating problem
right now. When I log in, authentication goes OK, but when requesting a
resource, I always get 403 access denied!

I tried printing out httprequest.getRemoteUser in a servlet; the username
is correct there, however httprequest.isUserInRoles() always returns
false :(

I am wondering if I have done something wrong in storing the Roles.

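Below is the code showing how I populate the User and Role and then save them in the Subject:

    // needs java.security.Principal, java.util.Iterator, java.util.Set,
    // javax.security.auth.login.LoginException
    public boolean commit() throws LoginException {
        if (succeeded == false) {
            return false;
        } else {
            // add a Principal (authenticated identity)
            // to the Subject
            principals = new Principal[2];
            principals[0] = new WebUser(username);
            principals[1] = new WebRole("manager");

            for (int i = 0; i < principals.length; i++) {
                if (!subject.getPrincipals().contains(principals[i])) {
                    subject.getPrincipals().add(principals[i]);
                }
            }

            if (debug) {
                // print every Principal now stored in the Subject
                Set<Principal> all = subject.getPrincipals();
                Iterator<Principal> i = all.iterator();
                while (i.hasNext()) {
                    System.out.println("Principal: " + i.next());
                }
            }

            commitSucceeded = true;
            return true;
        }
    }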

The debug output shows that both the user and the role are stored in the subject. But why
does Tomcat not recognize the role?!
If you have ever seen this kind of problem, please help! I'd greatly appreciate it!
