https://issues.apache.org/bugzilla/show_bug.cgi?id=52846
Bug #: 52846
Summary: Programmatic login using UserDatabaseRealm returns 403
error.
Product: Tomcat 7
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: kfuj...@apache.org
Classification: Unclassified
IMHO,HttpServletRequest#login does not need to define a <login-config>.
NonLoginAuthenticator is used when <login-config> is not specified in
HttpServletRequest#login.
When UserDatabaseRealm is used, not GenericPrincipal but Memory User is set to
a session.
In AuthenticatorBase#invoke, principal registered into a session is set to a
request.
Because MemoryUser is set to a request as principal, RealmBase#hasRole always
returns false.
As a result, 403 error is returned.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
