?id=37044
- Original Message - From: Brad O'Hearne
[EMAIL PROTECTED]
To: Tomcat Developers List dev@tomcat.apache.org
Sent: Thursday, October 20, 2005 8:35 PM
Subject: Bug in RealmBase, JAASRealm, and/or Requestt object
preventing proper role authorization
All
All,
I have discovered a bug in role authorization when using a JAASRealm and
custom user / role principals. In a nutshell, successful authentication in
the JAASRealm over a custom JAAS login module results in the JAASRealm
pulling the user principal and role principals out of the