Well... I was on a vacation and only now I'm returning to this subject...
I've commented the https://issues.apache.org/jira/browse/OPENEJB-901 JIRA
issue , but I'm also pasting here my comment:
I've attached the test-updated.war file which reproduces the problem.
I've seen the examples, but I can't get it to work, so I've attached it and
here is how to reproduce:
Just to make sure, I've downloaded a clean tomcat 6.0.18 and placed the
openejb.war on the webapps dir
Copy the attached jaas.conf file to tomcat/conf directory, and update the
catalina.sh script to include
-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.conf
Deploy the test-updated.war and run the server
Then, navigate to the root of /test-updated and click on the Servlet link
On the login prompt, any username / password is validated and granted the
role 'user'
You'll get a Permission Denied message, as well as the result for the
EJB.isCallerInRole("user")=false and the Request.isUserInRole("user")=true
What is wrong here?
--
View this message in context:
http://www.nabble.com/TomcatSecurityService-tp19093534p19289830.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.
