https://bz.apache.org/bugzilla/show_bug.cgi?id=62036
--- Comment #5 from Konstantin Kolinko <knst.koli...@gmail.com> --- (In reply to Konstantin Kolinko from comment #3) > 2). It is also odd that RealmBase.hasRole() check for a MemoryUser fails. Debugging Tomcat 9: The following methods in RealmBase are called: (the actual object is LockOutRealm) 1. hasResourcePermission(request, response, SecurityConstraint []constraints, context) 2. hasRole((Wrapper) null, principal, (String) "testrole") 3. hasRoleInternal(principal, (String) "testrole") On successful call the 'principal' is GenericPrincipal. On unsuccessful call the 'principal' is MemoryUser and RealmBase.hasRoleInternal() fails because of the following lines: [[[ // Should be overridden in JAASRealm - to avoid pretty inefficient conversions if (!(principal instanceof GenericPrincipal)) { return false; } ]]] -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org