http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26475

JAASRealms behave differently in Tomcat 5.x than Tomcat 4.x

           Summary: JAASRealms behave differently in Tomcat 5.x than Tomcat 4.x
           Product: Tomcat 5
           Version: 5.0.18
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]


I have a JAAS Realm that is built on top of Jetspeed.  Because Jetspeed needs 
to run within a servlet container and all JAASRealms must run at the server 
level, my JAAS Realm no longer works.  To replicate, define a realm in the 
server.xml directory.

<Realm className="org.apache.catalina.realm.JAASRealm"
       debug="99" 
       appName="MyServletContainer"
       roleClassNames="org.apache.jetspeed.om.security.RoleNamePrincipal"
       userClassNames="org.apache.jetspeed.om.security.UserNamePrincipal"/>

Add the security objects to the web application's web.xml file:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected link</web-resource-name>
    <url-pattern>/MYLINK</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

Next, create your jaas.config file:

MyServletContainer
{
        com.myapp.security.ServletContainerLoginModule required;
};

Create the class and have it implement the Jetspeed security object:

...
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();

String pword = new String(((PasswordCallback) callbacks[1]).getPassword());
((PasswordCallback) callbacks[1]).clearPassword();
System.out.println("trying to login:" + username + "/" + pword);

System.out.println("Attempting to authenticate against the Jetspeed security services");

JetspeedSecurity.login(username, pword);
succeeded = true;
...

In order to get the class to run, I had to add the jars and the class file to 
the common.loader of the catalina.properties.  Without this, neither the class 
nor the associated JAR files could be found (this was not the case in Tomcat 4.x).

Now when you start the server and try to access the associated realm object, 
you will get an error in the log that says:

javax.security.auth.login.LoginException: org.apache.turbine.services.InstantiationException: ServiceBroker: unknown service LoggingService requested

The problem is that Jetspeed is looking for the properties to be within a 
servlet container and the realm must run within the server.  Even if I just 
define the realm within the web application, that does not solve the problem.

This is a regression as 4.1 did not have this behavior.
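
The login fragment in the report prints the cleartext password to stdout and is elided at both ends. As an added example (not the reporter's code and not Tomcat's or Jetspeed's), here is a complete LoginModule of the same shape that logs only the outcome and wipes the password buffers; Backend, UserPrincipal, the class name and the sample credentials are assumptions standing in for the Jetspeed call and principal classes.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SampleLoginModule implements LoginModule {
    // Hypothetical backend hook; the report's module calls JetspeedSecurity.login at this point.
    interface Backend { boolean verify(String user, char[] password); }
    // Constructed sample credentials so the class can be exercised on its own.
    static Backend backend = (u, p) -> "admin".equals(u) && Arrays.equals(p, "s3cret".toCharArray());
    // Hypothetical principal type; a realm matches principals by class name.
    static final class UserPrincipal implements Principal {
        private final String name; UserPrincipal(String n) { name = n; }
        public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private Principal user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
        String name = nc.getName();
        char[] pw = pc.getPassword();            // a copy, or null if none was supplied
        pc.clearPassword();                      // wipe the callback's internal buffer
        boolean ok = name != null && pw != null && backend.verify(name, pw);
        if (pw != null) Arrays.fill(pw, '\0');   // wipe our copy as well
        // Log the outcome only: no password, and control characters stripped from the name.
        System.out.println("login " + (ok ? "ok" : "failed") + " for " + String.valueOf(name).replaceAll("\\p{Cntrl}", "?"));
        if (!ok) throw new FailedLoginException("authentication failed");
        user = new UserPrincipal(name);
        return true;
    }

    public boolean commit() { if (user == null) return false; subject.getPrincipals().add(user); return true; }
    public boolean abort()  { user = null; return true; }
    public boolean logout() { if (user != null) subject.getPrincipals().remove(user); user = null; return true; }
}
```

With a Realm configured as in the report, userClassNames would have to name the principal class the module adds in commit().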
