http://issues.apache.org/bugzilla/show_bug.cgi?id=43214

           Summary: Calls to Embedded.setRealm(Realm) fails
           Product: Tomcat 5
           Version: 5.5.23
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


OVERVIEW
--------
Embedded.setRealm(Realm) does not seem to set the Realm of StandardEngine.  This
causes an authenticated JAAS principal (user) to always get a 403 (access to the
requested resource has been denied) error displayed on the browser.

STEPS TO REPRODUCE
-------------------
I set up a Realm like this:


   // create the engine and default host
   catalinaEngine = embeddedCatalina.createEngine();
   catalinaEngine.setName(REALM_PNS); //JAAS Realm name must equal engine name 

   // create realm for authentication
   JAASRealm jaasRealm = new JAASRealm();
   jaasRealm.setUserClassNames("nz.co.picksend.usermanagement.User");
   jaasRealm.setRoleClassNames("nz.co.picksend.usermanagement.Role");
   jaasRealm.setUseContextClassLoader(false);
   embeddedCatalina.setRealm(jaasRealm);


When I log in to any web application, I am authenticated but get a 403 (access
to the requested resource has been denied) error on any page.  The reason is
that the instance of StandardEngine has a different instance of JAASRealm than
was created with the code above.  The new instance is created in
StandardEngine.getRealm() if no instance of a realm already exists (line 139):


   public Realm getRealm() {
       Realm configured = super.getRealm();
       // If no set realm has been called - default to JAAS
       // This can be overridden at engine, context and host level
       if (configured == null) {
           configured = new JAASRealm();
           this.setRealm(configured);  // <-- NEW INSTANCE CREATED HERE
       }
       return configured;
   }

This realm naturally does not contain the values for userClassNames and
roleClassNames and therefore cannot find out if a user is in a particular role,
causing a 403 error.

Stepping through the code, it appears that Embedded.setRealm(Realm) never
results in a call to StandardEngine.setRealm(Realm).

WORKAROUND
----------
The workaround is to create the instance of JAASRealm before creating Embedded,
such as:

   embeddedCatalina = new Embedded(jaasRealm);

However, you must use the deprecated method JAASRealm.setAppName() to set the
JAAS name because the container's name cannot be determined at this point and
therefore defaults to "other".

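The lazy-default behaviour described in the report, modelled as an added example that is not part of the original bug report and is not Tomcat code. The `Sketch*` classes are hypothetical stand-ins, and `usesConfiguredRealm` is an assumed startup check that compares realm instances by identity.

```java
import java.util.Arrays;
import java.util.List;

// Hypothetical stand-ins for illustration only; these are NOT Tomcat classes.
public class RealmWiringCheck {
    static class SketchRealm {
        final List<String> roleClassNames;
        SketchRealm(String... names) { roleClassNames = Arrays.asList(names); }
        // With no role class configured, no principal can be mapped to a role.
        boolean canResolveRoles() { return !roleClassNames.isEmpty(); }
    }

    static class SketchEngine {
        private SketchRealm realm;
        void setRealm(SketchRealm r) { realm = r; }
        // Same lazy-default shape as the getRealm() quoted in the report.
        SketchRealm getRealm() {
            if (realm == null) { realm = new SketchRealm(); }
            return realm;
        }
    }

    static class SketchEmbedded {
        private final SketchEngine engine = new SketchEngine();
        private SketchRealm realm;
        SketchEngine createEngine() { return engine; }
        // Models the behaviour the report describes: the realm is kept here
        // and never passed on to the engine.
        void setRealm(SketchRealm r) { realm = r; }
    }

    // Startup check: is the engine's effective realm the instance we configured?
    static boolean usesConfiguredRealm(SketchEngine engine, SketchRealm expected) {
        return engine.getRealm() == expected;
    }

    public static void main(String[] args) {
        SketchEmbedded embedded = new SketchEmbedded();
        SketchEngine engine = embedded.createEngine();
        // Role class name taken from the report's setup code.
        SketchRealm configured = new SketchRealm("nz.co.picksend.usermanagement.Role");
        embedded.setRealm(configured);

        System.out.println("engine uses configured realm: "
                + usesConfiguredRealm(engine, configured));
        System.out.println("effective realm can resolve roles: "
                + engine.getRealm().canResolveRoles());
    }
}
```

An identity comparison like this, run once after container setup, surfaces a silently substituted default realm at startup instead of as 403 responses for every authenticated user.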