Hello folks,
I believe I have found some problems in the JaasAuthenticationProvider
that surface when you are running multiple webapps that use it in the
same JVM, dealing with the jaas.config files for the different apps. I
am using Tomcat 5.0.28 on JDK 1.4.2_07.
Currently afterPropertiesSet() sets the java.security.auth.login.config
system property if it is not already set and if it is allowed. If it
can't set that, then it adds a login.config.url setting in
setPropertyUsingLoop().
The first problem I've run into is that if the system property is set,
JAAS never looks at the config files referred to in the login.config.url
settings. So the first webapp loaded wins, and all the webapps have to
use its config file.
To work around that I turned off permission to set that property in my
java.security file, and ran into the next problem: login.config.url
settings need to be URLs, such as
file:/c:/tomcat/webapps/bla/WEB-INF/jaas.config but afterPropertiesSet()
is passing it the C:\\tomcat\\webapps\\... style file path, and JAAS
coughs up a MalformedURLException.
So is there ever a reason to set the system property, rather than
allowing each webapp to add a login.config.url? Am I doing something
horribly wrong, or shall I open a Jira ticket or two?
thanks,
Eric
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
