I found the problem: I was using a UserPrincipal and a RolePrincipal that had a case-insensitive equals() method. I was first adding the UserPrincipal with name "admin", and then adding a RolePrincipal with name "Admin". The case-insensitive equals() implies that the Role was not added, as it was equal to the User ...
Pretty easy problem, but I still took 1 full day to track it down!

Guillaume

On Friday 04 March 2005 15.23, Guillaume Lederrey wrote:
> I'm having a problem with a JAAS authentication realm. I created a
> LoginModule, configured it as explained in
> http://forum.java.sun.com/thread.jspa?threadID=233317&tstart=0, defined the
> permissions in my WEB-INF/web.xml ...
>
> The log statements (System.out.println()) I have in my login module show
> that the user is authenticated and that the correct roles are added to the
> subject. BUT: I still get a 403 when trying to access my servlets.
>
> I installed a log4j logger for Tomcat as explained in
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html to get some
> more information. The relevant lines are included below.
>
> It seems the roles didn't get added, which is not consistent with what I
> read in my LoginModule doc ...
>
> My context definition (in conf/server.xml) is:
>
> <Context path="/siems-ds"
>          docBase="/home/gehel/tecost/siems/siems/ds/target/siems-ds-0.1-SNAPSHOT.war/"
>          privileged="true"
>          reloadable="true">
>   <Realm className="org.apache.catalina.realm.JAASRealm"
>          appName="SIEMS-ds"
>          userClassNames="ch.tecost.siems.jaas.UserPrincipal"
>          roleClassNames="ch.tecost.siems.jaas.RolePrincipal"
>          debug="99"/>
> </Context>
>
> The following code is used to add roles in the commit() method of the
> LoginModule; "subject" is the subject received in "initialize()":
>
> log("adding roles ...");
> Collection roleList = RolePrincipal.findByUser(DBAccess.currentConnection(), userPrincipal);
> for (Iterator it = roleList.iterator(); it.hasNext();) {
>     RolePrincipal role = (RolePrincipal) it.next();
>     log("Adding role : " + role.getName());
>     subject.getPrincipals().add(role);
> }
>
> Does anybody have any idea where I should be looking to find the solution?
>
> Thanks
>
> Guillaume Lederrey
>
> DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[SIEMS - Data Service protected area]' against GET /UserList --> true
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - JAASRealm login requested for username "admin" using LoginContext for application "SIEMS-ds"
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Login context created admin
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - JAAS LoginContext created for username "admin"
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking Principal "admin" [ch.tecost.siems.jaas.UserPrincipal]
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Principal "admin" is a valid user class. We will use this as the user Principal.
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No valid role Principals found.
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Username "admin" successfully authenticated as Principal "{1}" -- Subject was created too
> DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - Checking roles admin
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking if user Principal "admin" possesses role "Root"
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No roles Principals found. User Principal or Subject is null, or user Principal not in cache
> DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - No role found: Root
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - Checking if user Principal "admin" possesses role "Admin"
> DEBUG http-8080-Processor25 org.apache.catalina.realm.JAASRealm - No roles Principals found. User Principal or Subject is null, or user Principal not in cache
> DEBUG http-8080-Processor25 org.apache.catalina.realm.RealmBase - No role found: Admin
> DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.apache.catalina.session.ManagerBase - Start expire sessions StandardManager at 1109945560722 sessioncount 0
> DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.apache.catalina.session.ManagerBase - Start expire sessions StandardManager at 1109945560722 sessioncount 0

--
Guillaume Lederrey
Software Developer
Tecost - Technology Consulting Studies
Fribourg (Switzerland)
http://www.tecost.ch/
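The failure mode Guillaume describes, reproduced as an added example (this is not his code, nor Tomcat's). Subject.getPrincipals() is a Set, and Set.add() silently refuses an element that equals() one already present, so a Principal whose equals() ignores both the class and the case of the name lets the role "Admin" collide with the user "admin". The class names LoosePrincipal / StrictPrincipal and the commit() and countRoles() helpers are hypothetical stand-ins for the LoginModule's commit() and for JAASRealm's selection of principals by class.

```java
import java.security.Principal;
import java.util.Objects;
import javax.security.auth.Subject;

// Added example, not code from the original post. It shows the dropped-role
// bug and the corrected equals()/hashCode() contract. All class names are
// assumptions made for illustration.
public class PrincipalEqualityDemo {

    // Buggy variant: any Principal whose name matches case-insensitively is
    // "equal", regardless of its class. In a Set the role "Admin" is then a
    // duplicate of the user "admin" and is never stored.
    static abstract class LoosePrincipal implements Principal {
        private final String name;
        LoosePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof Principal
                && name.equalsIgnoreCase(((Principal) o).getName());
        }
        @Override public int hashCode() { return name.toLowerCase().hashCode(); }
        @Override public String toString() { return getClass().getSimpleName() + "[" + name + "]"; }
    }
    static final class LooseUserPrincipal extends LoosePrincipal {
        LooseUserPrincipal(String n) { super(n); }
    }
    static final class LooseRolePrincipal extends LoosePrincipal {
        LooseRolePrincipal(String n) { super(n); }
    }

    // Fixed variant: equality requires the same concrete class and an exact,
    // case-sensitive name, and hashCode() is consistent with equals().
    static abstract class StrictPrincipal implements Principal {
        private final String name;
        StrictPrincipal(String name) { this.name = Objects.requireNonNull(name); }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o != null
                && o.getClass() == getClass()
                && name.equals(((StrictPrincipal) o).name);
        }
        @Override public int hashCode() { return Objects.hash(getClass(), name); }
        @Override public String toString() { return getClass().getSimpleName() + "[" + name + "]"; }
    }
    static final class StrictUserPrincipal extends StrictPrincipal {
        StrictUserPrincipal(String n) { super(n); }
    }
    static final class StrictRolePrincipal extends StrictPrincipal {
        StrictRolePrincipal(String n) { super(n); }
    }

    // Mirrors what a LoginModule's commit() does: add the user, then its roles,
    // and report whether the Set actually accepted each role.
    static Subject commit(Principal user, Principal... roles) {
        Subject subject = new Subject();
        subject.getPrincipals().add(user);
        for (Principal role : roles) {
            boolean added = subject.getPrincipals().add(role);
            System.out.println("add " + role + " -> " + (added ? "added" : "DROPPED as duplicate"));
        }
        return subject;
    }

    // Roughly what JAASRealm does with roleClassNames: pick the principals
    // of the configured role class out of the Subject.
    static int countRoles(Subject subject, Class<? extends Principal> roleClass) {
        return subject.getPrincipals(roleClass).size();
    }

    public static void main(String[] args) {
        System.out.println("-- case-insensitive, class-agnostic equals() --");
        Subject loose = commit(new LooseUserPrincipal("admin"),
                               new LooseRolePrincipal("Admin"),
                               new LooseRolePrincipal("Root"));
        // "Admin" is dropped; only "Root" survives, so the realm sees 1 role.
        System.out.println("roles seen by realm: " + countRoles(loose, LooseRolePrincipal.class));

        System.out.println("-- class-aware, case-sensitive equals() --");
        Subject strict = commit(new StrictUserPrincipal("admin"),
                                new StrictRolePrincipal("Admin"),
                                new StrictRolePrincipal("Root"));
        // Both roles are kept; the realm sees 2 roles.
        System.out.println("roles seen by realm: " + countRoles(strict, StrictRolePrincipal.class));
    }
}
```

Two things to check in any custom Principal used with JAASRealm: equals() must compare the concrete class (Tomcat sorts principals into users and roles purely by class name, via userClassNames and roleClassNames), and it must compare the name exactly, because role names in web.xml security constraints are case-sensitive. Here the consequence was fail-closed (a 403), but an equals() that conflates user and role principals can just as easily make a lookup succeed on the wrong object, so the check is worth doing before a deployment rather than after a day of log reading.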