DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-10-01 12:31 --- My mistake -- good catch. Thank you for pointing it out. I've fixed it on both HEAD and TOMCAT_5_0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED | --- Additional Comments From [EMAIL PROTECTED] 2004-09-30 21:54 --- It looks like the most recent commit of JAASRealm has a slight problem in it. The whole-file version I submitted has these lines, starting at line 536: if (userPrincipal == null userClasses.contains(principalClass)) { userPrincipal = principal; if( log.isDebugEnabled() ) { log.debug(sm.getString(jaasRealm.userPrincipalSuccess, principal.getName())); } } if (roleClasses.contains(principalClass)) { roles.add(principal); if( log.isDebugEnabled() ) { log.debug(sm.getString(jaasRealm.rolePrincipalAdd, principal.getName())); } } The current file in HEAD looks like this (also starting at 536): if (userPrincipal == null userClasses.contains(principalClass)) { userPrincipal = principal; if( log.isDebugEnabled() ) { log.debug(sm.getString(jaasRealm.userPrincipalSuccess, principal.getName())); } } if (roleClasses.contains(principalClass)) { roles.add(principal.getName()); } if (roleClasses.contains(principalClass)) { roles.add(principal); if( log.isDebugEnabled() ) { log.debug(sm.getString(jaasRealm.rolePrincipalAdd, principal.getName())); } } The middle chunk of code (3 lines) shouldn't be there. It is adding a String to what is supposed to be a collection of Principal objects. This is causing downstream calls to hasRole(Principal, String) to choke and die with a ClassCastException. The patch file I submitted also has this middle chunk marked for removal (-), so I think this was just a mistake in the commit process. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-09-21 23:31 --- Patch applied on both TOMCAT_5_0 and HEAD (Tomcat 5.5) branches. Thanks for contributing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:29 --- Created an attachment (id=12761) Small Ant project that builds a test case WAR, dummy JAAS LoginModule JAR and associated context descriptors. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:31 --- Created an attachment (id=12762) JAASRealm.java (whole file, not a diff) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:32 --- Created an attachment (id=12763) JAASCallbackHandler.java (whole file; not a diff) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:32 --- Created an attachment (id=12764) LocalStrings.properties (whole file; not a diff) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:36 --- Created an attachment (id=12765) JAASRealm.java (patch cf. tomcat 5.028 release) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:37 --- Created an attachment (id=12766) JAASCallbackHandler (patch cf. tomcat 5.028 release) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:37 --- Created an attachment (id=12767) LocalStrings.properties (patch cf. tomcat 5.028 release) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-18 16:41 --- I've uploaded a small Ant project contains a series of test cases for the JAASRealm patches. The patches were made against the source tree for Tomcat 5.0.28. First, a short explanation of what the patch itself is all about. As several observers have noted, the current JAASRealm implementation doesn't actually deliver on all of the functionality it promises, particularly with respect to its ability to return Principals of user-specified types. In addition, the current implementation is limited by its inability to hash passwords. The patch fixes both of these issues. Files that have been modified (relative to jakarta-tomcat-catalina/catalina/src/share): org/apache/catalina/realm/JAASRealm.java org/apache/catalina/realm/LocalStrings.properties org/apache/catalina/realm/JAASCallbackHandler.java See the other attachments to this bug for the patch files, whole files, and test case tar file. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-09-10 05:44 --- After a bit (!) of a hiatus, patches against the most recent release (5.0.28), and matching test cases, are progressing. I expect to have both submitted early next week. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals [EMAIL PROTECTED] changed: What|Removed |Added Status|ASSIGNED|NEW - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-07-29 13:43 --- Typical test cases submitted for Tomcat are WAR files. They contain the code to be tested along with the META-INF/context.xml file which is the Context element with the proper declarations, e.g. for a Realm. Don't bother using the Tester approach, that's wasted effort on build files. For this case a dummy LoginModule with hard-coded user names and passwords is fine. Also for this case, since the Realm has to be in a common classloader repository, a single WAR won't be possible, so maybe a separate JAR. Basically, we ask for whatever you would use to unit-test your own patch. I understand it works for you, and that's great, and if you don't unit-test that's also OK (I sometimes don't do it either, we're not perfect ;)). But we do prefer to have unit tests before committing into the core Tomcat code. I also wanted to assess your interest in this: I'm glad you responded, and quickly. If I ask for tests, give it a couple of months with no response, then ask again and get no response within a month or so, I sometimes close the bugzilla issue for lack of interest. Because you responded we can keep this open and resolve it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-07-28 15:07 --- No test cases? This item may be closed if none are submitted. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-07-29 02:40 --- Two issues preventing me from writing test cases: 1) It isn't clear how to do that. There isn't much documentation on how testing works; I was a but put off by that initially. After some investigation, I found jakarta-tomcat-catalina/tester/src/bin/tester.xml, which indeed appears to be an Ant file that performs out-of-container HTTP testing. So, sure, I can see how, if the container were configured to use my JAASRealm patch, I could re-test the authentication tests in jakarta-tomcat- catalina/tester/src/tester/org/apache/tester/Authentication0*.java. Sounds simple, but it all turns on the phrase if the container were configured to use my JAASRealm patch. All of the tests use, by default, uses UserDatabaseRealm. How could I make Tomcat use JAASRealm instead? It appears that I would need to either: - Create a custom context descriptor for the tester webapp that uses JAASRealm - Edit the existing conf/server.xml file ... as well as cause the test script to bounce the server and re-load it with the new context descriptor. Aha. To do this, now I need to hack the tester.xml Ant script. I have *never* written a Tomcat test case before, so this is just my best guess on what it would take. Am I wrong? 2) I'm not sure what it would contain. Remember that JAASRealm needs an implementation of a JAAS LoginModule to function. There isn't one supplied with Tomcat, so this means I'd need to: - Create a dummy LoginModule that authenticates certain hard-coded users but not others (e.g., Fred/ bedrock but not Barney/feet) - Create a sample LoginModule that authenticates against an existing user registry, like tomcat- users.xml. But that seems like real work to me; I might as well port MemoryRealm to JAAS while I'm at it. (Which is essentially what I'd be doing). Frankly, this seems like a lot of bother for a patch that I *know* works; is has been in production on my personal wiki for about three months. I can do it if you want to, as long as you accept that this means that there will be quite a bit of changes to certain build files, and other things. What is the best path forward? The key issue here is lack of flexibility in the test scripts, which don't permit changing Realms for exercising authentication tests. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-06-01 16:47 --- Please submit test cases for this patch if possible. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-04-27 16:17 --- Created an attachment (id=11354) JAASRealm.patch - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-04-27 16:17 --- Created an attachment (id=11355) JAASCallbackHandler.patch - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-04-27 16:18 --- Created an attachment (id=11356) LocalStrings.patch - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28631] - JAASRealm fix to permit user-specified user/group Principals
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28631. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28631 JAASRealm fix to permit user-specified user/group Principals --- Additional Comments From [EMAIL PROTECTED] 2004-04-27 22:39 --- I should make clear that the patch files I submitted affect 5.0.19, but were diffed against those from CVS HEAD, on the morning of 4/14/2004. Sorry if that was not readily apparent. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]