Thx for your attention,

I managed to fix the problem myself. 

The problem was that the principal class did some lookups in the
system properties. That caused a call to
AccessController.checkPermission(), which in turn queried the
principal, and so on. That caused a recursion that ended in a stack
overflow.

The bug didn't appear in the old JAAS, because the PropertyPermission
was already given to the code in the old code-centric tomcat.policy,
whereas the principal only appeared in a different file (jaas.policy).
As a result, the principal was not touched when checking the
PropertyPermission, and thus no recursion started.

Regards

Marcus Lippert.

> -----Original Message-----
> From: Marcus Lippert [mailto:[EMAIL PROTECTED] 
> Sent: Monday, 10 March 2003 09:32
> To: [EMAIL PROTECTED]
> Subject: JAAS and Tomcat 4.1
> 
> 
> I'm running a servlet which does user-centric authentication using
> JAAS. I.e. I evaluate the client certificate used in the SSL session
> and map the distinguished name within a login module to a role
> (implementation of interface java.security.Principal).
> 
> The first time I receive a request, I create a LoginContext and store
> it in the session. On each subsequent call I retrieve the LoginContext
> and perform a login in order to obtain a subject. The rest of the code
> is enclosed in a PrivilegedAction, which is done as follows:
> 
> Subject.doAsPrivileged(subject, new PrivilegedAction() {
>       public Object run() {
>               // the code, including calls to
>               // AccessController.checkPermission(somePermission)
>               return null;
>       }}, null);
> 
> I pass 'null' as AccessControlContext to let the framework generate a
> new Context.
> 
> Everything worked fine under JDK1.3.1, Tomcat 3.3.1 and the JAAS
> extension for the JDK.
> 
> Now I'm using J2SDK1.4.1_02-b06 and Tomcat 4.1.18 and the following
> problem occurs:
> 
> The first call AccessController.checkPermission(aPermission) within
> the privileged action results in a stack overflow, which causes Tomcat
> to crash silently. It seems to step into a recursion, which does not
> end. I found out that each recursive call accesses the Role object: it
> calls role.equals(), and then three times role.getName().
> For debugging purposes I inserted System.err.println's in the
> respective methods. Since Tomcat crashes silently (no log entry, no
> exception), I was only able to find out about the stack overflow by
> increasing the stack size for the VM and counting the printed lines.
> 
> The problem only occurs when I use the role principal in a grant
> statement (catalina.policy). When I omit this grant and assign the
> respective rights based on codebases, everything works fine (except
> that I have no user authorization).
> 
> Does anyone have any idea, why this could happen?
> 
> 
> Best regards,
> 
> Marcus Lippert.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
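
A toy model of the recursion described in the reply, added here as an example; it is not code from the thread, the JDK or Tomcat. The checkPermission and checkedProperty helpers, the class names and the "role.prefix" property are assumptions standing in for the security manager's policy evaluation, and a depth guard replaces the real stack overflow.

```java
import java.security.Principal;
// Toy model of the policy check (an assumption), not JDK or Tomcat code.
// "role.prefix" is a hypothetical property name.
public class PrincipalReentrancyDemo {
    static int depth;            // nesting depth of modelled permission checks
    static Principal granted;    // principal named in the modelled "grant principal" entry
    // Models a principal-based grant: the policy queries the application's Principal class.
    static boolean checkPermission(Principal current) {
        if (++depth > 50) throw new IllegalStateException("permission check re-entered");
        try { return granted.equals(current); } finally { depth--; }
    }
    // Models a system property read under a security manager: the read is itself checked.
    static String checkedProperty(String key, Principal current) {
        checkPermission(current);
        return System.getProperty(key, "");
    }

    // Pattern from the thread: the principal looks up a system property when queried.
    static final class LookupRole implements Principal {
        private final String base;
        LookupRole(String base) { this.base = base; }
        public String getName() { return checkedProperty("role.prefix", this) + base; }
        public boolean equals(Object o) {
            return o instanceof Principal && getName().equals(((Principal) o).getName());
        }
        public int hashCode() { return base.hashCode(); }
    }

    // Alternative: the name is fixed at construction, so queries touch no checked resource.
    static final class FixedRole implements Principal {
        private final String name;
        FixedRole(String prefix, String base) { this.name = prefix + base; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof FixedRole && name.equals(((FixedRole) o).name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    static String outcome(Principal p) {
        granted = p; depth = 0;
        try { return "granted=" + checkPermission(p); }
        catch (IllegalStateException e) { return "failed: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        String prefix = System.getProperty("role.prefix", "");  // read once, before any check
        System.out.println("LookupRole: " + outcome(new LookupRole("admin")));
        System.out.println("FixedRole:  " + outcome(new FixedRole(prefix, "admin")));
    }
}
```

The LookupRole run ends in the guard's exception because every equals() call re-enters the check; the FixedRole run completes in a single pass.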


