[
https://issues.apache.org/jira/browse/JS2-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551199
]
adouma edited comment on JS2-828 at 12/12/07 7:24 PM:
---------------------------------------------------------
Confirmed.
And I also found why: http://issues.apache.org/bugzilla/show_bug.cgi?id=40150
This is a patch applied to Tomcat 5.5.24 (and 6, I haven't yet figured out
since which version).
The point of the above issue was detecting invalid Principal classes (which
couldn't be loaded) so as to provide proper feedback during startup of Tomcat.
But, this patch didn't cater for another feature of the JAASRealm, namely that
these Principal classes can be located/provided by the specific web application
itself (configuration parameter useContextClassLoader, default *true*).
The check done on the provided classes is *not* done with respect to this
configuration parameter, thus now fails with Jetspeed which depends on this :(
So, our Principal classes are no longer known to Tomcat and thus its container
authentication is completely broken!
I'll pursue this issue with the Tomcat team and see if we can get this patch
reversed or corrected, but for the time being it's difficult to run Jetspeed on
Tomcat >= 5.5.24.
A workaround is extracting the JAASRealm.class from the catalina-optional.jar
from Tomcat 5.5.23 and copying that (in the proper package directory) under
$TOMCAT_HOME/server/classes.
I've tested it out and it works (the above patch is the only change to this
class so far).
As this issue isn't related to Jetspeed at all but really a Tomcat bug, I'm
going to remove the Fix version as it's not something we can fix.
was (Author: adouma):
Confirmed.
And I also found why: http://issues.apache.org/bugzilla/show_bug.cgi?id=40150
This is a patch applied to Tomcat 5.24 (and 6, I haven't yet figured out since
which version).
The point of the above issue was detecting invalid Principal classes (which
couldn't be loaded) so as to provide proper feedback during startup of Tomcat.
But, this patch didn't cater for another feature of the JAASRealm, namely that
these Principal classes can be located/provided by the specific web application
itself (configuration parameter useContextClassLoader, default *true*).
The check done on the provided classes is *not* done with respect to this
configuration parameter, thus now fails with Jetspeed which depends on this :(
So, our Principal classes are no longer known to Tomcat and thus its container
authentication is completely broken!
I'll pursue this issue with the Tomcat team and see if we can get this patch
reversed or corrected, but for the time being it's difficult to run Jetspeed on
Tomcat >= 5.5.24.
A workaround is extracting the JAASRealm.class from the catalina-optional.jar
from Tomcat 5.5.23 and copying that (in the proper package directory) under
$TOMCAT_HOME/server/classes.
I've tested it out and it works (the above patch is the only change to this
class so far).
As this issue isn't related to Jetspeed at all but really a Tomcat bug, I'm
going to remove the Fix version as it's not something we can fix.
> JAAS authentication failure with Tomcat 5.5.24 and above.
> ---------------------------------------------------------
>
> Key: JS2-828
> URL: https://issues.apache.org/jira/browse/JS2-828
> Project: Jetspeed 2
> Issue Type: Bug
> Environment: Tomcat >= 5.5.24
> Reporter: Mohan Kannapareddy
> Assignee: Ate Douma
> Priority: Critical
>
> Immediately after logging into the portal, the URL address box in the browser
> displays:
> http://localhost:20000/jetspeed/login/redirector
> ======================
> And the page displays:
> HTTP Status 403 - Access to the requested resource has been denied
> type Status report
> message Access to the requested resource has been denied
> description Access to the specified resource (Access to the requested
> resource has been denied) has been forbidden.
> Apache Tomcat/5.5.25
> ======================
> I believe this is the same behavior in Tomcat 6.0.x and I get the same thing
> in GlassFish v2-b58g.
> This does *NOT* happen in Tomcat 5.5.23 or lower versions. Something changed
> between 5.5.23 and 5.5.25.
> Also, after the login post if you just type in the URL http://<>/jetspeed,
> the page appears normally and you can
> function.
> I do not know whether it is relevant but at least GlassFish appears to record
> the following in the server.log.
> Unable to set request character encoding to UTF-8 from context /jetspeed,
> because request parameters have already been read, or
> ServletRequest.getReader() has already been called
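The class-loader visibility problem described in the comment above, as an added illustration that is not Tomcat's or Jetspeed's code: a startup check that resolves configured Principal class names through the wrong loader rejects classes that only the web application can see. The class names and the two stand-in loaders are assumptions made for this sketch.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

public class PrincipalClassCheckDemo {

    // Constructed stand-in for a Principal class shipped inside the web application.
    public static class WebappUserPrincipal implements Principal {
        @Override public String getName() { return "demo-user"; }
    }

    // Startup-style validation: keep only the configured names that the given
    // loader can resolve to a java.security.Principal implementation.
    static List<String> validate(String[] classNames, ClassLoader loader) {
        List<String> accepted = new ArrayList<>();
        for (String name : classNames) {
            try {
                Class<?> c = Class.forName(name, false, loader);
                if (Principal.class.isAssignableFrom(c)) {
                    accepted.add(name);
                }
            } catch (ClassNotFoundException e) {
                System.out.println("  rejected (class not found): " + name);
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        String[] configured = { WebappUserPrincipal.class.getName() };

        // Assumption: the parent of the system loader stands in for the container's
        // own loader; it cannot see classes on the application class path.
        ClassLoader containerLoader = ClassLoader.getSystemClassLoader().getParent();
        // Assumption: the loader that defined this demo class stands in for the
        // web application's loader.
        ClassLoader webappLoader = PrincipalClassCheckDemo.class.getClassLoader();

        boolean useContextClassLoader = true; // the default named in the comment

        System.out.println("Check that ignores useContextClassLoader:");
        System.out.println("  accepted = " + validate(configured, containerLoader));

        System.out.println("Check that honours useContextClassLoader:");
        ClassLoader chosen = useContextClassLoader ? webappLoader : containerLoader;
        System.out.println("  accepted = " + validate(configured, chosen));
    }
}
```

When the accepted list comes back empty, no authenticated Principal matches a configured user or role class, which is consistent with the 403 after login reported in the issue.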