The following comment has been added to this issue:

     Author: Scott T Weaver
    Created: Thu, 14 Oct 2004 8:21 AM
       Body:
+1 on requiring tomcat 5.0.28+
---------------------------------------------------------------------
View this comment:
  http://issues.apache.org/jira/browse/JS2-55?page=comments#action_54046

---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JS2-55

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JS2-55
    Summary: JAAS Authentication on Tomcat 5
       Type: New Feature

     Status: Unassigned
   Priority: Major

    Project: Jetspeed 2
 Components: 
             Security
   Versions:
             2.0-a1

   Assignee: 
   Reporter: Ate Douma

    Created: Tue, 25 May 2004 3:26 PM
    Updated: Thu, 14 Oct 2004 8:21 AM
Environment: Tomcat 5.0.24, J2SE 1.4.2_03

Description:
As discussed on the Jetspeed developers mailinglist (thread starts with: 
http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=14605) the new behaviour of 
Tomcat 5 to set the ContextClassLoader in the JAASRealm to the server classloader 
prevents defining LoginModules within the context of an web app.

As a quick solution to this problem the Tomcat 5 JAASRealm is going to be patched to 
revert back to the old Tomcat 4 handling.

The preferred solution is that the Tomcat Team would do this themselves or provide it 
as an option. Someone should start discussing this with them....

I'll provide a patch implementing the quick fix which will depend on the user property 
catalina.version.major=5 to be enforced upon the catalina server: when this condition 
is true a patched version of the Tomcat 5.0.24 JAASRealm.java revision 1.6 will be 
compiled into the $Tomcat/server/classes directory.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to