[jira] Closed: (JS2-55) JAAS Authentication on Tomcat 5

Thu, 14 Oct 2004 12:52:54 -0700 

Message:

   The following issue has been closed.

   Resolver: Ate Douma
       Date: Thu, 14 Oct 2004 12:54 PM

Configured the new JAASRealm attribute sseContextClassLoader="false" in Jetspeed.xml 
when using Tomcat 5.
As described above this now requires version 5.0.28+ when using Tomcat 5.
The JAASRealm patch is now no longer needed and thus removed.
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JS2-55

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JS2-55
    Summary: JAAS Authentication on Tomcat 5
       Type: New Feature

     Status: Closed
   Priority: Major
 Resolution: FIXED

    Project: Jetspeed 2
 Components: 
             Security
   Fix Fors:
             2.0-M1
   Versions:
             2.0-a1

   Assignee: 
   Reporter: Ate Douma

    Created: Tue, 25 May 2004 3:26 PM
    Updated: Thu, 14 Oct 2004 12:54 PM
Environment: Tomcat 5.0.24, J2SE 1.4.2_03

Description:
As discussed on the Jetspeed developers mailinglist (thread starts with: 
http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=14605) the new behaviour of 
Tomcat 5 to set the ContextClassLoader in the JAASRealm to the server classloader 
prevents defining LoginModules within the context of an web app.

As a quick solution to this problem the Tomcat 5 JAASRealm is going to be patched to 
revert back to the old Tomcat 4 handling.

The preferred solution is that the Tomcat Team would do this themselves or provide it 
as an option. Someone should start discussing this with them....

I'll provide a patch implementing the quick fix which will depend on the user property 
catalina.version.major=5 to be enforced upon the catalina server: when this condition 
is true a patched version of the Tomcat 5.0.24 JAASRealm.java revision 1.6 will be 
compiled into the $Tomcat/server/classes directory.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to