http://issues.apache.org/bugzilla/show_bug.cgi?id=37044

           Summary: JAASRealm / RealmBase role checking bug ?
           Product: Tomcat 5
           Version: 5.5.12
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]


JAASRealm authenticates the user and creates a GenericPrincipal with 
  userPrincipal set to some principal returned by LoginModule.

  Later RealmBase.hasResourcePermission() calls request.getUserPrincipal()
  to recover the authenticated user principal.

  Request.getUserPrincipal() checks if the principal is instanceof 
  GenericPrincipal, and if it is, it returns its userPrincipal. 

  RealmBase.hasRole() checks if the principal is instanceof GenericPrincipal 
  and if not it fails immediately.

  Note: previous versions of JAASRealm had their own hasRole() implementation.

  Note: request.isUserInRole() is not getting userPrincipal from 
  GenericPrincipal when calling realm.hasRole() and this one seems to
  work.
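
A minimal model of the two call paths the report describes, added here as an illustration; it is not Tomcat source code and not part of the original report. The `Model*` types, the method bodies, and the sample user and role are hypothetical stand-ins written from the report's description (Java 16+).

```java
import java.security.Principal;
import java.util.Set;

// Simplified stand-ins for the behaviour described in the report.
// These are NOT Tomcat's classes; every "Model*" name is hypothetical.
public class RoleCheckModel {

    // Stand-in for a principal returned by a JAAS LoginModule.
    record ModelUserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for the wrapper the realm creates: roles plus the wrapped user principal.
    record ModelGenericPrincipal(String name, Set<String> roles, Principal userPrincipal)
            implements Principal {
        public String getName() { return name; }
    }

    // getUserPrincipal() as described: a wrapper is unwrapped to its userPrincipal.
    static Principal getUserPrincipal(Principal stored) {
        if (stored instanceof ModelGenericPrincipal gp) return gp.userPrincipal();
        return stored;
    }

    // hasRole() as described: anything that is not the wrapper type fails immediately.
    static boolean hasRole(Principal p, String role) {
        if (!(p instanceof ModelGenericPrincipal gp)) return false;
        return gp.roles().contains(role);
    }

    // hasResourcePermission() path: the role check receives the unwrapped principal.
    static boolean hasResourcePermission(Principal stored, String requiredRole) {
        return hasRole(getUserPrincipal(stored), requiredRole);
    }

    // isUserInRole() path: the role check receives the stored wrapper itself.
    static boolean isUserInRole(Principal stored, String role) {
        return hasRole(stored, role);
    }

    public static void main(String[] args) {
        // Constructed sample: user "alice" holding role "admin".
        Principal fromLoginModule = new ModelUserPrincipal("alice");
        Principal stored = new ModelGenericPrincipal("alice", Set.of("admin"), fromLoginModule);

        System.out.println("hasResourcePermission: " + hasResourcePermission(stored, "admin"));
        System.out.println("isUserInRole:          " + isUserInRole(stored, "admin"));
    }
}
```

In this model the same user and role are denied on the `hasResourcePermission` path and granted on the `isUserInRole` path, because only the first path hands `hasRole` a principal that is no longer the wrapper type.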
