Chuck,
The JAASRealm takes whatever user principal you have and the role
principal you have added to the subject, and creates a new
GenericPrincipal class, containing both your user principal and your
role principal. I do not think it populates your custom user
principal with roles. The problem is in the request.getUserPrincipal
() method, which pulls the user principal out of the wrapper. The
hasRole wants a GenericPrincipal containing the roles. So since the
method is getting your custom user principal, not the wrapper that
the realm has created, you have to populate your custom user
principal with the roles.
Btw, it appears that this was already logged as bug:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37044
B
On Oct 20, 2005, at 9:25 PM, Caldarale, Charles R wrote:
From: Brad O'Hearne [mailto:[EMAIL PROTECTED]
Subject: Re: Bug in RealmBase, JAASRealm, and/or Requestt
object preventing proper role authorization
So in the JAAS login module, what you would have to do
is instantiate a user principal that is a subclass of
GenericPrinicipal for your user principal, then add your
role principals to that user principal, and then add the
user principal and all the role principals to the subject.
No, you don't need to go through those steps yourself, since the
JAASRealm will do it for you.
What an ugly hack though.
I guess I don't see the ugliness - that's what subclassing is for.
Would be nice if the behavior were actually documented...
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-
mail
and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]