DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29406>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29406 JAAS Authentication on Tomcat 5 Summary: JAAS Authentication on Tomcat 5 Product: Tomcat 5 Version: 5.0.24 Platform: Other OS/Version: Windows XP Status: NEW Severity: Major Priority: Other Component: Catalina:Modules AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] The new behavior of Tomcat 5 which sets the ContextClassLoader in the JAASRealm to the server classloader prevents from defining LoginModules within the context of a web app. The JAASRealm implementation on Tomcat 5 is different from the one on Tomcat 4 in that it sets the current Thread ClassLoaderContext to that of the Catalina core itself before accessing a LoginModule. This issue is discussed on Jetspeed 2 issue tracking under: http://nagoya.apache.org/jira/browse/JS2-55 and on J2's mailing list at: http://nagoya.apache.org/eyebrowse/ReadMsg?listName=jetspeed- [EMAIL PROTECTED]&msgNo=14605 Some of the negatives of that new implementation is that all services used by the LoginModule must now be part of Tomcat classloader. In an application where user management leverages some caching, this requires duplication of the caching layer, one for the server and one for the web application. This seems unneccessary. I copied the jetspeed-dev list on this issue for information and will include a patch created by Ate Douma to address this issue. Regards, David Le Strat. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
