tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From calder <>
Subject (TC7+) Why was the Realm argument removed for GenericPrincipal?
Date Tue, 01 Nov 2016 18:12:25 GMT
We have an application that runs on Tomcat6. For Tomcat7+, two of our
.java files require modification.   The modifications are mostly
concerned with the invocation of the
org.apache.catalina.realm.GenericPrincipal constructor - see the
MyappRealm class just below - this is the TC6 version. For the TC7+
version, we must remove the "this" (our Realm) argument.

Please see the MyappSpnegoFormAuth class just below - specifically the
invoke() method.
With Tomcat6, the super.invoke() method consumes ~2 milliseconds.
With Tomcat7+, the super.invoke() method consumes ~28 milliseconds.
super.invoke() is a call to org.apache.catalina.authenticator.AuthenticatorBase

We believe, somehow, that the "missing dependency" (admittedly, we
don't know what the catalina GenericPrincipal class does with the
passed-in Realm - ie, our Realm class) is causing the extended
millisecond times.

So, can anyone explain why the Realm arg was removed for the TC7+
GenericPrincipal class?
And just as important, is there a way to match the functionality?
Maybe we missed where our Realm class is passed to catalina code?

(if anyone is curious why we are concerned about the extra 26
milliseconds, it's because this code is used during "report
generation" and is called many times - example, with TC6, the report
runs in 25 seconds, with TC7+, it takes 80 seconds!).

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class MyappRealm extends RealmBase {

  protected Principal getPrincipal(String username) {
   // in Tomcat6, all GenericPrincipal ctors required a Realm (1st) argument
   // - Tomcat7+ no Realm arg
    return new GenericPrincipal( this, username, getPassword(username), roles);

  public Principal authenticate(String alias, String uname, String creds,...) {
    // setup code
   return new GenericPrincipal( this, "myapp " + uname + "blah", creds, roles);

  public Principal authenticate(String uname, String creds) {
   // setup code
   return new GenericPrincipal( this, "myapp " +uname +"blah", creds, roles);

import org.apache.catalina.Realm;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.realm.GenericPrincipal;

public class MyappSpnegoFormAuth extends FormAuthenticator {
  public void invoke(Request request, Response response)
 throws IOException, ServletException {
 // setup code
    if( (session = request.getSessionInternal(false)) != null) {
      if( (prince = session.getPrincipal()) != null )
        request.setUserPrincipal(prince); // prince is a Principal

    super.invoke(request, response);

  public boolean realmAuth(HttpServletRequest request,
   String uname, String creds) {
    Realm realm = context.getRealm();
    Principal prince = realm.authenticate(uname, creds);
    if (prince != null) {
      this.register(req, res, prince, "FORM", uname, creds);
      return true;
    return false;

  public boolean authenticate(Request request,
   Response response, LoginConfig cfg)  throws IOException {
    // setup code
     // various decisions and calls to super.authenticate() -
    // if all are false, this last super call is made
    return super.authenticate(request, response, cfg);

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message