Markus Plail <[EMAIL PROTECTED]> writes: > I recently wanted to upgrade to Tomcat 5.5.12 from 5.5.9. I use JAAS > realm with a custom implementation of LoginModule. I couldn't > authenticate myself with any of the username password combinations. So > I tried 5.5.11 and 5.5.10 but nothing changed. > > The debug trace looked very strange (see my post on tomcat-user), so I > decided to dig into the code and see what is happening. To make a long > story short I think I found a bug. > > In RealmBase hasResourcePermission(...) calls > request.getUserPrincipal() to get the principal and then calls > hasRole(...) to see if the principal has the necessary > role. hasRole(...) only succeeds if the principal is an instance of > GenericPrincipal, but request.getUserPrincipal() checks if the > principal is an instance of GenericPrincipal and if this is the case, > it returns the underlying principal. Thus I don't think that a > JAASRealm based login can ever succeed in Tomcat > 5.5.9. > > I removed the if clause and just return the principal and now my login > is working beautifully again.
Not a single answer? Can't it be reproduced or what's the problem with my problem? If I am right it would be a significant issue wouldn't it? regards Markus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
