[
https://issues.apache.org/jira/browse/TOMEE-1492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan McGuinness updated TOMEE-1492:
-----------------------------------
Description:
The following LazyRealm definition works as expected in TomEE, delegating to
the authenticate(String, String) and hasRole(Principal, String) of the
realmClass.
<Context>
  <Realm
    cdi="true"
    className="org.apache.tomee.catalina.realm.LazyRealm"
    realmClass="example.security.RecipeBookRealm" />
</Context>
When wrapped in a combined realm:
<Context>
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm
      cdi="true"
      className="org.apache.tomee.catalina.realm.LazyRealm"
      realmClass="example.security.RecipeBookRealm"/>
  </Realm>
</Context>
The authenticate method is delegated to correctly, but the hasRole(Principal,
String) method IS NOT.
Thus, when wrapped, failure occurs in the annotations for @RolesAllowed() or
security assertions made in the web.xml.
was:
The following LazyRealm definition works as expected in TomEE, delegating to
the authenticate(String, String) and hasRole(String) of the realmClass.
<Context>
  <Realm
    cdi="true"
    className="org.apache.tomee.catalina.realm.LazyRealm"
    realmClass="example.security.RecipeBookRealm" />
</Context>
When wrapped in a combined realm:
<Context>
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm
      cdi="true"
      className="org.apache.tomee.catalina.realm.LazyRealm"
      realmClass="example.security.RecipeBookRealm"/>
  </Realm>
</Context>
The authenticate method is delegated to correctly, but the hasRole(String)
method IS NOT.
Thus, when wrapped, failure occurs in the annotations for @RolesAllowed() or
security assertions made in the web.xml.
> LazyRealm not working well in CombinedRealm (LockOutRealm)
> ----------------------------------------------------------
>
> Key: TOMEE-1492
> URL: https://issues.apache.org/jira/browse/TOMEE-1492
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 1.7.1
> Reporter: Ryan McGuinness
> Labels: Security
>
> The following LazyRealm definition works as expected in TomEE, delegating to
> the authenticate(String, String) and hasRole(Principal, String) of the
> realmClass.
> <Context>
>   <Realm
>     cdi="true"
>     className="org.apache.tomee.catalina.realm.LazyRealm"
>     realmClass="example.security.RecipeBookRealm" />
> </Context>
> When wrapped in a combined realm:
> <Context>
>   <Realm className="org.apache.catalina.realm.LockOutRealm">
>     <Realm
>       cdi="true"
>       className="org.apache.tomee.catalina.realm.LazyRealm"
>       realmClass="example.security.RecipeBookRealm"/>
>   </Realm>
> </Context>
> The authenticate method is delegated to correctly, but the hasRole(Principal,
> String) method IS NOT.
> Thus, when wrapped, failure occurs in the annotations for @RolesAllowed() or
> security assertions made in the web.xml.
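A simplified model of the delegation gap reported above, added here as an example; it is not TomEE or Tomcat code, and the Realm interface, RecordingRealm and WrappingRealm are hypothetical stand-ins. It records which calls reach the custom realm when it is used directly and when it is wrapped, which is the check a regression test for this issue would make.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
// Simplified model with hypothetical types; this is not Tomcat or TomEE code.
public class RealmDelegationCheck {
    interface Realm {
        Principal authenticate(String user, String password);
        boolean hasRole(Principal principal, String role);
    }
    // Stand-in for a custom realm such as the page's RecipeBookRealm (constructed data).
    static class RecordingRealm implements Realm {
        final List<String> calls = new ArrayList<>();
        public Principal authenticate(String user, String password) {
            calls.add("authenticate");
            if (!"secret".equals(password)) return null;
            return () -> user; // Principal has one abstract method, getName()
        }
        public boolean hasRole(Principal principal, String role) {
            calls.add("hasRole");
            return "cook".equals(role);
        }
    }
    // Wrapper that forwards authentication but answers role checks itself,
    // modelling the behaviour the report describes for the combined realm.
    static class WrappingRealm implements Realm {
        private final Realm nested;
        WrappingRealm(Realm nested) { this.nested = nested; }
        public Principal authenticate(String user, String password) {
            return nested.authenticate(user, password);
        }
        public boolean hasRole(Principal principal, String role) {
            return false; // holds no roles and never asks the nested realm
        }
    }
    // Runs one login plus one role check and returns the calls the custom realm saw.
    static List<String> probe(Realm entry, RecordingRealm custom) {
        Principal p = entry.authenticate("ryan", "secret");
        boolean allowed = p != null && entry.hasRole(p, "cook");
        System.out.println(entry.getClass().getSimpleName()
                + ": authenticated=" + (p != null) + ", role granted=" + allowed);
        return custom.calls;
    }
    public static void main(String[] args) {
        RecordingRealm direct = new RecordingRealm();
        System.out.println(probe(direct, direct));
        RecordingRealm nested = new RecordingRealm();
        System.out.println(probe(new WrappingRealm(nested), nested));
    }
}
```

In the wrapped case the recorded calls contain only the authenticate entry, so the login succeeds while the role check is denied without the custom realm being consulted.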