The following comment has been added to this issue: Author: Scott T Weaver Created: Thu, 14 Oct 2004 8:21 AM Body: +1 on requiring tomcat 5.0.28+ --------------------------------------------------------------------- View this comment: http://issues.apache.org/jira/browse/JS2-55?page=comments#action_54046
--------------------------------------------------------------------- View the issue: http://issues.apache.org/jira/browse/JS2-55 Here is an overview of the issue: --------------------------------------------------------------------- Key: JS2-55 Summary: JAAS Authentication on Tomcat 5 Type: New Feature Status: Unassigned Priority: Major Project: Jetspeed 2 Components: Security Versions: 2.0-a1 Assignee: Reporter: Ate Douma Created: Tue, 25 May 2004 3:26 PM Updated: Thu, 14 Oct 2004 8:21 AM Environment: Tomcat 5.0.24, J2SE 1.4.2_03 Description: As discussed on the Jetspeed developers mailinglist (thread starts with: http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=14605) the new behaviour of Tomcat 5 to set the ContextClassLoader in the JAASRealm to the server classloader prevents defining LoginModules within the context of an web app. As a quick solution to this problem the Tomcat 5 JAASRealm is going to be patched to revert back to the old Tomcat 4 handling. The preferred solution is that the Tomcat Team would do this themselves or provide it as an option. Someone should start discussing this with them.... I'll provide a patch implementing the quick fix which will depend on the user property catalina.version.major=5 to be enforced upon the catalina server: when this condition is true a patched version of the Tomcat 5.0.24 JAASRealm.java revision 1.6 will be compiled into the $Tomcat/server/classes directory. --------------------------------------------------------------------- JIRA INFORMATION: This message is automatically generated by JIRA. If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]