https://bz.apache.org/bugzilla/show_bug.cgi?id=65339
Bug ID: 65339
Summary: UserDatabaseRealm does not rely on cached roles only
Product: Tomcat 10
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ------
UserDatabaseRealm queries its UserDatabase in override hasRole() in order to
return a correct result, if the passed Principal is a GenericPrincipal with an
associated userPrincipal of type UserDatabasePrincipal. That userPrincipal more
or less acts like a tag interface to determine whether that special handling is
required. If not, the override calls its super method.
The UserDatabase can be updated through JMX at any time. Currently, such
changes are taken into account instantly (at every invocation of hasRole()),
which is different from other Realms and the UserDatabaseRealm's documentation.
Since the logged on user's effective roles are calculated and stored in the
GenericPrincipal returned from method getPrincipal, these could be used
instead. This eliminates both the hasRole() override as well as the private
class UserDatabaseRealm.UserDatabasePrincipal and makes the Realm behave
according to the documentation (and like e. g. DataSourcRealm).
There is a PR on GitHub with a patch targeting that issue:
https://github.com/apache/tomcat/pull/420
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
