User: starksm 
  Date: 01/05/30 18:43:23

  Modified:    tomcat/src/main/org/jboss/tomcat/security
                        JBossSecurityMgrRealm.java
  Log:
  Add request.setUserPrincipal(principal) call as tomcat 3.2.2 no
  longer generates the user principal from the remote user
  
  Revision  Changes    Path
  1.2       +7 -5      
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
  
  Index: JBossSecurityMgrRealm.java
  ===================================================================
  RCS file: 
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JBossSecurityMgrRealm.java        2001/05/11 19:06:26     1.1
  +++ JBossSecurityMgrRealm.java        2001/05/31 01:43:23     1.2
  @@ -8,6 +8,7 @@
   import javax.naming.InitialContext;
   import javax.naming.NamingException;
   import javax.security.auth.Subject;
  +import javax.servlet.http.HttpServletResponse;
   
   import org.apache.log4j.Category;
   import org.apache.tomcat.core.BaseInterceptor;
  @@ -36,7 +37,7 @@
   @see org.jboss.security.SubjectSecurityManager
   
   @author [EMAIL PROTECTED]
  -@version $Revision: 1.1 $
  +@version $Revision: 1.2 $
   */
   public class JBossSecurityMgrRealm extends BaseInterceptor
   {
  @@ -97,6 +98,7 @@
               if( securityMgr.isValid(principal, password) )
               {
                   request.setRemoteUser(username);
  +                request.setUserPrincipal(principal);
                   Context ctx = request.getContext();
                   if (ctx != null)
                       request.setAuthType(ctx.getAuthMethod());
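Review bot: The new `request.setUserPrincipal(principal);` line carries no comment explaining why it is needed next to `setRemoteUser`; the reason exists only in the commit log. A one-line comment above it would keep a later cleanup from removing the call as redundant: `// Tomcat 3.2.2 no longer derives the user principal from the remote user, so set it explicitly`. The call sits inside the `securityMgr.isValid(principal, password)` branch, so the principal is attached to the request only after the credentials validate, and that ordering should be preserved. The enclosing method starts and ends outside the hunk.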
  @@ -138,7 +140,7 @@
   
           String username = request.getRemoteUser(); 
           if( username == null )
  -            return 401;
  +            return HttpServletResponse.SC_UNAUTHORIZED;
   
           /* Make sure the thread context class loader it set ot the servlet
               class loader. The Jdk12Interceptor should be handling this but
  @@ -172,14 +174,14 @@
               }
               else
               {
  -                category.debug("User: "+username+" is not authorized");
  -                code = 401;
  +                category.debug("User: "+username+" is NOT authorized, 
requiredRoles="+requiredRoles);
  +                code = HttpServletResponse.SC_FORBIDDEN;
               }
           }
           catch(NamingException e)
           {
               category.error("Error during authorize", e);
  -            code = 401;
  +            code = HttpServletResponse.SC_UNAUTHORIZED;
           }
           finally
           {
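Review bot: The `catch(NamingException e)` branch still returns `SC_UNAUTHORIZED`, so a server-side naming failure is reported to the client as an authentication problem, while the role check just above it now returns `SC_FORBIDDEN`. Denying the request on error is the right fail-closed behaviour, but a 401 typically invites the client to resend credentials for a fault it cannot fix. `code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;` would describe the condition more accurately, provided the interceptor chain passes that code through (not visible here). Separately, the denial is logged only through `category.debug(...)`, so it is probably absent from production logs; `category.warn(...)` would make failed authorization visible to monitoring. The enclosing method starts and ends outside the hunk.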
  
  
  
