Hi there! I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use a JAAS realm with a custom implementation of LoginModule. I couldn't authenticate myself with any of the username/password combinations. So I tried 5.5.11 and 5.5.10, but nothing changed.
The debug trace looked very strange (see my post on tomcat-user), so I decided to dig into the code and see what is happening. To make a long story short, I think I found a bug.

In RealmBase, hasResourcePermission(...) calls request.getUserPrincipal() to get the principal and then calls hasRole(...) to see if the principal has the necessary role. hasRole(...) only succeeds if the principal is an instance of GenericPrincipal, but request.getUserPrincipal() checks if the principal is an instance of GenericPrincipal and if this is the case, it returns the underlying principal. Thus I don't think that a JAASRealm based login can ever succeed in Tomcat > 5.5.9.

I removed the if clause and just return the principal and now my login is working beautifully again.

Hope this helps

regards
Markus
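
The interaction described in the message above, modelled as an added example that is not part of the original post and is not Tomcat source. The nested types are simplified stand-ins for the classes the post names; the `unwrap` flag, the user name and the role are constructed, and the code assumes Java 17 or later.

```java
import java.security.Principal;
import java.util.Set;

// Simplified model of the call chain described in the post; not Tomcat code.
public class PrincipalUnwrapDemo {

    // Stand-in for the principal produced by a custom JAAS LoginModule.
    record JaasUserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for GenericPrincipal: wraps the user principal and holds the roles.
    record GenericPrincipal(Principal userPrincipal, Set<String> roles) implements Principal {
        public String getName() { return userPrincipal.getName(); }
    }

    // Stand-in for the request. 'unwrap' (hypothetical flag) switches between
    // returning the stored principal as-is and returning the underlying one.
    record Request(Principal stored, boolean unwrap) {
        Principal getUserPrincipal() {
            if (unwrap && stored instanceof GenericPrincipal gp) {
                return gp.userPrincipal(); // role information is dropped here
            }
            return stored;
        }
    }

    // Stand-in for hasRole(...): anything that is not a GenericPrincipal is refused.
    static boolean hasRole(Principal principal, String role) {
        return principal instanceof GenericPrincipal gp && gp.roles().contains(role);
    }

    // Stand-in for hasResourcePermission(...), reduced to one required role.
    static boolean hasResourcePermission(Request request, String requiredRole) {
        return hasRole(request.getUserPrincipal(), requiredRole);
    }

    public static void main(String[] args) {
        // Constructed sample data: an authenticated user holding the "admin" role.
        Principal authenticated =
                new GenericPrincipal(new JaasUserPrincipal("alice"), Set.of("admin"));

        boolean asStored = hasResourcePermission(new Request(authenticated, false), "admin");
        boolean unwrapped = hasResourcePermission(new Request(authenticated, true), "admin");

        System.out.println("principal returned as stored -> permitted: " + asStored);
        System.out.println("principal unwrapped first    -> permitted: " + unwrapped);
    }
}
```

In this model the role check fails closed whenever the wrapper is stripped before `hasRole` sees it, which matches the symptom reported: valid credentials, but every protected resource is refused.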