https://issues.apache.org/bugzilla/show_bug.cgi?id=52846
Bug #: 52846 Summary: Programmatic login using UserDatabaseRealm returns 403 error. Product: Tomcat 7 Version: trunk Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: kfuj...@apache.org Classification: Unclassified IMHO,HttpServletRequest#login does not need to define a <login-config>. NonLoginAuthenticator is used when <login-config> is not specified in HttpServletRequest#login. When UserDatabaseRealm is used, not GenericPrincipal but Memory User is set to a session. In AuthenticatorBase#invoke, principal registered into a session is set to a request. Because MemoryUser is set to a request as principal, RealmBase#hasRole always returns false. As a result, 403 error is returned. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org