Message: The following issue has been closed.
Resolver: Ate Douma Date: Thu, 14 Oct 2004 12:54 PM Configured the new JAASRealm attribute sseContextClassLoader="false" in Jetspeed.xml when using Tomcat 5. As described above this now requires version 5.0.28+ when using Tomcat 5. The JAASRealm patch is now no longer needed and thus removed. --------------------------------------------------------------------- View the issue: http://issues.apache.org/jira/browse/JS2-55 Here is an overview of the issue: --------------------------------------------------------------------- Key: JS2-55 Summary: JAAS Authentication on Tomcat 5 Type: New Feature Status: Closed Priority: Major Resolution: FIXED Project: Jetspeed 2 Components: Security Fix Fors: 2.0-M1 Versions: 2.0-a1 Assignee: Reporter: Ate Douma Created: Tue, 25 May 2004 3:26 PM Updated: Thu, 14 Oct 2004 12:54 PM Environment: Tomcat 5.0.24, J2SE 1.4.2_03 Description: As discussed on the Jetspeed developers mailinglist (thread starts with: http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=14605) the new behaviour of Tomcat 5 to set the ContextClassLoader in the JAASRealm to the server classloader prevents defining LoginModules within the context of an web app. As a quick solution to this problem the Tomcat 5 JAASRealm is going to be patched to revert back to the old Tomcat 4 handling. The preferred solution is that the Tomcat Team would do this themselves or provide it as an option. Someone should start discussing this with them.... I'll provide a patch implementing the quick fix which will depend on the user property catalina.version.major=5 to be enforced upon the catalina server: when this condition is true a patched version of the Tomcat 5.0.24 JAASRealm.java revision 1.6 will be compiled into the $Tomcat/server/classes directory. --------------------------------------------------------------------- JIRA INFORMATION: This message is automatically generated by JIRA. If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]