[jira] [Created] (TOMEE-1492) LazyRealm not working well in CombinedRealm (LockOutRealm)

Fri, 09 Jan 2015 09:18:58 -0800 

Ryan McGuinness created TOMEE-1492:
--------------------------------------

             Summary: LazyRealm not working well in CombinedRealm (LockOutRealm)
                 Key: TOMEE-1492
                 URL: https://issues.apache.org/jira/browse/TOMEE-1492
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 1.7.1
            Reporter: Ryan McGuinness


The following LazyRealm definition works as expected in TomEE, delegating to 
the authenticate(String, String) and hasRole(String) of the realmClass.

<Context>
    <Realm
            cdi="true"
            className="org.apache.tomee.catalina.realm.LazyRealm"
            realmClass="example.security.RecipeBookRealm" />
</Context>

When wrapped in a combined realm:
<Context>
    <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm
                cdi="true"
                className="org.apache.tomee.catalina.realm.LazyRealm"
                realmClass="example.security.RecipeBookRealm"/>
    </Realm>
</Context>

The authenticate method is delegated to correctly, but the hasRole(String) 
method IS NOT.

Thus when wrapped failure occurs in the annotations for @RolesAllowed() or and 
security assertions made in the web.xml.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to