From: Brad O'Hearne [mailto:[EMAIL PROTECTED]
Subject: Bug in RealmBase, JAASRealm, and/or Requestt object
preventing proper role authorization
When this statement executes, principal is not a
GenericPrincipal, by merits of the request's
getUserPrincipal() method executed prior to
Charles,
I addressed this at the bottom of my email. It might be a hack that
would work, but you would effectively be duplicating what the JAASRealm
is doing already. The JAASRealm takes the user principal and role
principal, and shoves them into a GenericPrinicipal. If you wanted to
try to
From: Brad O'Hearne [mailto:[EMAIL PROTECTED]
Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt
object preventing proper role authorization
If you wanted to try to game the authorization, you'd have to
take your role principal, shove it into the user principal,
then let
From: Brad O'Hearne [mailto:[EMAIL PROTECTED]
Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt
object preventing proper role authorization
So in the JAAS login module, what you would have to do
is instantiate a user principal that is a subclass of
GenericPrinicipal for your
, JAASRealm, and/or Requestt
object preventing proper role authorization
So in the JAAS login module, what you would have to do
is instantiate a user principal that is a subclass of
GenericPrinicipal for your user principal, then add your
role principals to that user principal, and then add the
user
From: Brad O'Hearne [mailto:[EMAIL PROTECTED]
Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt
object preventing proper role authorization
The JAASRealm takes whatever user principal you have and the role
principal you have added to the subject, and creates a new
