tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryan McGuinness (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TOMEE-1492) LazyRealm not working well in CombinedRealm (LockOutRealm)
Date Fri, 09 Jan 2015 17:18:34 GMT
Ryan McGuinness created TOMEE-1492:
--------------------------------------

             Summary: LazyRealm not working well in CombinedRealm (LockOutRealm)
                 Key: TOMEE-1492
                 URL: https://issues.apache.org/jira/browse/TOMEE-1492
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 1.7.1
            Reporter: Ryan McGuinness


The following LazyRealm definition works as expected in TomEE, delegating to the authenticate(String,
String) and hasRole(String) of the realmClass.

<Context>
    <Realm
            cdi="true"
            className="org.apache.tomee.catalina.realm.LazyRealm"
            realmClass="example.security.RecipeBookRealm" />
</Context>

When wrapped in a combined realm:
<Context>
    <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm
                cdi="true"
                className="org.apache.tomee.catalina.realm.LazyRealm"
                realmClass="example.security.RecipeBookRealm"/>
    </Realm>
</Context>

The authenticate method is delegated to correctly, but the hasRole(String) method IS NOT.

Thus when wrapped failure occurs in the annotations for @RolesAllowed() or and security assertions
made in the web.xml.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message