tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: JAAS authenticated user fails authorization check
Date Tue, 06 May 2008 03:16:06 GMT

Robin,

Robin Coe wrote:
| Thanks Chris, that must be it. Can't believe I missed that.
| Unfortunately, this class is part of the Catalina codebase, which makes
| it necessary to use a runtime check and invoking a GenericPrincipal
| subclass when running inside Tomcat. I don't want to include the
| Catalina jar or be dependent on running Tomcat exclusively.

I don't understand. You shouldn't have to do any of that stuff... just
extend GenericPrincipal and you should be good to go.

| I find it strange that the code works by calling
| request.isUserInRole(), when using a class that implements the Principal
| interface, but fails when using declared roles. It's annoying that the
| Tomcat docs don't mention the necessity of extending GenericPrincipal
| when rolling your own implementation.

That's because you generally don't roll your own half-implementation,
which is what you've done, here.

Tomcat expects its own implementation not to be subverted. Principal
does not have an "isInRole" method, so it's got to come from somewhere
else. Sorry!

If you want complete control over authentication and authorization, you
can check out securityfilter (http://securityfilter.sourceforge.net/),
although you may find that you have to implement a lot of your own stuff
if you really want a lot of control. You should be able to use Tomcat
realms (including JAASRealm) along with it, though.

-chris
