From: BURRIEL Emmanuel
To: "'tomcat-dev@jakarta.apache.org'"
Subject: catalina (tomcat 5.0.16) JAASRealm and GenericPrincipal and Me
Date: Thu, 15 Jan 2004 17:49:15 +0100

I am trying to implement my own JAAS LoginModule.

I configure server.xml

My LoginModule works fine until I need to populate Principal in the commit() method.

Kind of result:

    [MemoryLoginModule] user entered user name: testUser
    [MemoryLoginModule] user entered password: testPassword
    [MemoryLoginModule] authentication succeeded

And finally I get a 403: forbidden access to resource ....

I find an explanation in the following method of RealmBase.hasRole(Principal principal, String role).

In fact, I populate with my own Principal (RolePrincipal) but Tomcat rejects my user because it is waiting for a GenericPrincipal.

JAASRealm seems to use public boolean hasRole(Principal principal, String role) inherited from RealmBase with the following code:

    public boolean hasRole(Principal principal, String role) {

        // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
        if ((principal == null) || (role == null) ||
            !(principal instanceof GenericPrincipal))
            return (false);

        GenericPrincipal gp = (GenericPrincipal) principal;
        if (!(gp.getRealm() == this)) {
            log.debug("Different realm " + this + " " + gp.getRealm());// return (false);
        }
        boolean result = gp.hasRole(role);
        if (log.isDebugEnabled()) {
            String name = principal.getName();
            if (result)
                log.debug(sm.getString("realmBase.hasRoleSuccess", name, role));
            else
                log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
        }
        return (result);
    }

Two things:

1 - The comment says that it should be re-implemented in JAASRealm but it is not done.
2 - This implementation depends on a GenericPrincipal class specific to Catalina packages.

Maybe somebody is working on this JAASRealm and can help me write a LoginModule that does not depend on Catalina at compile time but is usable with Catalina.

A bonus question: why use two principals in the server.xml realm tag if we are using one in code?
It seems there is an error in the manual (the Realm Element Attributes Table seems to talk about MemoryRealm instead of JAASRealm).

Thanks in advance for any help.

Emmanuel BURRIEL
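
Added example, not part of the original message and not Tomcat's code: one way a realm can answer a role check from a JAAS Subject without an instanceof GenericPrincipal test, by treating only principals of configured classes as roles. SubjectRoleMapping, NamedPrincipal, UserPrincipal and the helper methods are hypothetical; RolePrincipal follows the name used in the message.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectRoleMapping {
    // Constructed principal types a LoginModule could add in commit();
    // none of them depends on org.apache.catalina.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static final class UserPrincipal extends NamedPrincipal {
        UserPrincipal(String n) { super(n); }
    }
    static final class RolePrincipal extends NamedPrincipal {
        RolePrincipal(String n) { super(n); }
    }

    // Hypothetical realm-side helper: collect role names only from principals
    // whose class name is configured as a role class.
    static Set<String> rolesOf(Subject subject, Set<String> roleClassNames) {
        Set<String> roles = new HashSet<>();
        for (Principal p : subject.getPrincipals()) {
            if (roleClassNames.contains(p.getClass().getName())) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    // Fails closed: null arguments or an unconfigured role class deny access.
    static boolean hasRole(Subject subject, Set<String> roleClassNames, String role) {
        if (subject == null || role == null || roleClassNames == null) return false;
        return rolesOf(subject, roleClassNames).contains(role);
    }

    public static void main(String[] args) {
        Subject subject = new Subject();   // what commit() would populate
        subject.getPrincipals().add(new UserPrincipal("testUser"));
        subject.getPrincipals().add(new RolePrincipal("admin"));
        Set<String> roleClasses = Collections.singleton(RolePrincipal.class.getName());

        System.out.println(hasRole(subject, roleClasses, "admin"));    // role principal matches
        System.out.println(hasRole(subject, roleClasses, "testUser")); // a user name is not a role
        System.out.println(hasRole(subject, Collections.<String>emptySet(), "admin")); // nothing configured
    }
}
```

Keeping user and role principals as distinct classes is what stops a login name that happens to equal a role name from being granted that role.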