JAAS authenticated user fails authorization check

2008-05-05 Thread Robin Coe
I have written a JAAS-enabled web-app that successfully uses my LDAP service to authenticate a user and populate the Subject with several Principals. I have set up my web-app to use FORM based authentication and can successfully use request.isUserInRole("rolename") to authorize my user against

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Caldarale, Charles R
> From: Robin Coe [mailto:[EMAIL PROTECTED]
> Subject: JAAS authenticated user fails authorization check
>
> However, when I declare a protected resource declaratively,
> and specify that the resource is protected with "rolename",
> Tomcat fails to authorize the u

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Robin Coe
ions
2008-05-05 13:08:53,128 7644656 [http-9808-Processor24] DEBUG org.apache.catalina.realm.RealmBase - Checking roles CN=Robin Coe,OU=Active,OU=Users,OU=Kaleidescape,DC=nextnewgig,DC=com
2008-05-05 13:08:53,129 7644657 [http-9808-Processor24] DEBUG org.apache.catalina.realm.RealmBase - No role fou

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Caldarale, Charles R
> From: Robin Coe [mailto:[EMAIL PROTECTED]
> Subject: RE: JAAS authenticated user fails authorization check
It appears that the problem is you haven't fully configured the JAAS environment. See below for details.
> I tested the implementation of isUserInRole() by wild-carding

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Robin Coe
t isn't fired. So it comes down to how the Catalina code base is interpreting gp.hasRole(role). Haven't tracked down that code yet but I will. At least, that's how it appears to me, but I am open to any fixes. :)
Robin.
-----Original Message-----
From: Caldarale, Charles R [mailt

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Caldarale, Charles R
> From: Robin Coe [mailto:[EMAIL PROTECTED]
> Subject: RE: JAAS authenticated user fails authorization check
>
> I did that part programmatically:
Just for grins, try replacing your programmatic approach with the configuration settings. If that works, then it shows you're mis

Re: JAAS authenticated user fails authorization check

2008-05-05 Thread Christopher Schultz
Robin,
Robin Coe wrote:
| The Tomcat code that is failing for my auth check is
| (http://kickjava.com/src/org/apache/catalina/realm/RealmBase.java.htm):
Are you sure this is your version? The 5.5.17 version of this file is available here: http://s

RE: JAAS authenticated user fails authorization check

2008-05-05 Thread Robin Coe
essity of extending GenericPrincipal when rolling your own implementation. Thanks to you guys for helping me out!
Robin.
-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 2:55 PM
To: Tomcat Users List
Subject: Re: JAAS authenticated user fails authorizati

Re: JAAS authenticated user fails authorization check

2008-05-05 Thread Christopher Schultz
Robin,
Robin Coe wrote:
| Thanks Chris, that must be it. Can't believe I missed that.
| Unfortunately, this class is part of the Catalina codebase, which makes
| it necessary to use a runtime check and invoking a GenericPrincipal
| subclass when runn

RE: JAAS authenticated user fails authorization check

2008-05-06 Thread Robin Coe
, it's been very valuable.
Robin.
-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:16 PM
To: Tomcat Users List
Subject: Re: JAAS authenticated user fails authorization check
Robin,
Robin C

Re: JAAS authenticated user fails authorization check

2008-05-06 Thread Christopher Schultz
Robin,
Robin Coe wrote:
| Problem is, the GenericPrincipal class is in the Catalina jar, which
| is available to Tomcat as a native library but for me to make use of
| it, I'd have to include it in my web-app lib.
Actually, no. GenericPrincipal as l

RE: JAAS authenticated user fails authorization check

2008-05-06 Thread Robin Coe
hultz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 06, 2008 3:06 PM
To: Tomcat Users List
Subject: Re: JAAS authenticated user fails authorization check
Robin,
Robin Coe wrote:
| Problem is, the GenericPrincipal class is in the Catalina jar, which
| i

RE: JAAS authenticated user fails authorization check

2008-05-06 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> Subject: Re: JAAS authenticated user fails authorization check
>
> but I was under the impression that it is atypical to
> implement your own Principal object.
Actually, it's pretty much required to implement your own,