http://issues.apache.org/bugzilla/show_bug.cgi?id=37044

           Summary: JAASRealm / RealmBase role checking bug ?
           Product: Tomcat 5
           Version: 5.5.12
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]

JAASRealm authenticates the user and creates a GenericPrincipal with
userPrincipal set to some principal returned by LoginModule.

Later RealmBase.hasResourcePermission() calls request.getUserPrincipal() to
recover authenticated user principal.

Request.getUserPrincipal() checks if the principal is instanceof
GenericPrincipal, and if it is, it returns its userPrincipal.

RealmBase.hasRole() checks if the principal is instanceof GenericPrincipal and
if not it fails immediately.

Note: previous versions of JAASRealm had their own hasRole() implementation.

Note: request.isUserInRole() is not getting userPrincipal from GenericPrincipal
when calling realm.hasRole() and this one seems to work.
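
The two code paths described in the report, modelled as an added Java example; this is not Tomcat source and not the reporter's code. GenericPrincipalModel, resourcePermissionPath, isUserInRolePath and the sample user are stand-in names assumed for illustration, and each method reproduces only the behaviour the report states.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

public class RoleCheckMismatch {
    // Stand-in for the wrapper the realm creates: it holds the roles and the LoginModule's principal.
    static class GenericPrincipalModel implements Principal {
        final String name;
        final List<String> roles;
        final Principal userPrincipal;
        GenericPrincipalModel(String name, List<String> roles, Principal userPrincipal) {
            this.name = name; this.roles = roles; this.userPrincipal = userPrincipal;
        }
        @Override public String getName() { return name; }
    }

    // Models Request.getUserPrincipal() as reported: a wrapper is unwrapped to its userPrincipal.
    static Principal getUserPrincipal(Principal authenticated) {
        if (authenticated instanceof GenericPrincipalModel) {
            return ((GenericPrincipalModel) authenticated).userPrincipal;
        }
        return authenticated;
    }

    // Models RealmBase.hasRole() as reported: anything that is not the wrapper fails immediately.
    static boolean hasRole(Principal principal, String role) {
        if (!(principal instanceof GenericPrincipalModel)) {
            return false;
        }
        return ((GenericPrincipalModel) principal).roles.contains(role);
    }

    // Path reported for hasResourcePermission(): the role check receives the unwrapped principal.
    static boolean resourcePermissionPath(Principal authenticated, String role) {
        return hasRole(getUserPrincipal(authenticated), role);
    }

    // Path reported for isUserInRole(): the role check receives the wrapper itself.
    static boolean isUserInRolePath(Principal authenticated, String role) {
        return hasRole(authenticated, role);
    }

    public static void main(String[] args) {
        Principal fromLoginModule = () -> "alice"; // constructed sample user
        Principal authenticated = new GenericPrincipalModel("alice", Arrays.asList("admin"), fromLoginModule);
        System.out.println("isUserInRole path:          " + isUserInRolePath(authenticated, "admin"));
        System.out.println("hasResourcePermission path: " + resourcePermissionPath(authenticated, "admin"));
    }
}
```

In this model the same authenticated user with the same role passes the programmatic check and is refused by the resource-permission check, because the wrapper that carries the roles is discarded before the role check runs.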