I'm running a servlet which does user-centric authentication using JAAS. I.e. I evaluate the client certificate used in the SSL session and map the distinguished name within a login module to a role (implementation of interface java.security.Principal).
The first time I receive a request, I create a LoginContext and store it in the session. On each subsequent call I retrieve the LoginContext and perform a login in order to obtain a subject. The rest of the code is enclosed in a PrivilegedAction, which is done as follows:

    Subject.doAsPrivileged(subject, new PrivilegedAction() {
        public Object run() {
            // the code, including calls to
            // AccessController.checkPermission(somePermission)
            return null;
        }
    }, null);

I pass 'null' as AccessControlContext to let the framework generate a new context.

Everything worked fine under JDK1.3.1, Tomcat 3.3.1 and the JAAS extension for the JDK. Now I'm using J2SDK1.4.1_02-b06 and Tomcat 4.1.18 and the following problem occurs:

The first call to AccessController.checkPermission(aPermission) within the privileged action results in a stack overflow, which causes Tomcat to crash silently. It seems to step into a recursion which does not end. I found out that each recursive call accesses the Role object: it calls role.equals(), and then role.getName() three times. For debugging purposes I inserted System.err.println's in the respective methods. Since Tomcat crashes silently (no log entry, no exception), I was only able to find out about the stack overflow by increasing the stack size for the VM and counting the printed lines.

The problem only occurs when I use the role principal in a grant statement (catalina.policy). When I omit this grant and assign the respective rights based on codebases, everything works fine (except that I have no user authorization).

Does anyone have any idea why this could happen?

Best regards,
Marcus Lippert.
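
An added example, not part of the original post: a minimal version of the setup described above, reduced to the principal, the grant and the check. The Role class, the role name "admin", the permission name app.secret and the policy entry in the comment are constructed assumptions. It does not diagnose the reported overflow; it shows a principal whose equals() and getName() only read a field, which matters because those methods are invoked while a permission check is being evaluated.

```java
import java.io.Serializable;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;
import javax.security.auth.Subject;

// Matching policy entry (constructed; class and role names are hypothetical):
//   grant principal Role "admin" {
//       permission java.util.PropertyPermission "app.secret", "read";
//   };

/** Hypothetical role principal: immutable, with side-effect-free accessors. */
final class Role implements Principal, Serializable {
    private final String name;

    Role(String name) {
        if (name == null) throw new NullPointerException("name");
        this.name = name;
    }

    // The post observes equals() and getName() being called during
    // checkPermission, so they only read a final field and never call
    // back into code that could trigger another security check.
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof Role && name.equals(((Role) o).name);
    }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "Role[" + name + "]"; }
}

public class RoleCheckDemo {
    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new Role("admin")); // normally done by the LoginModule
        subject.setReadOnly();

        Object result = Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {
            public Object run() {
                // Throws AccessControlException unless the policy grants it.
                AccessController.checkPermission(
                        new PropertyPermission("app.secret", "read"));
                return "granted";
            }
        }, null);
        System.out.println(result);
    }
}
```

The example uses the same AccessController and Subject.doAsPrivileged APIs as the post, which recent JDKs deprecate; the policy file is supplied with -Djava.security.policy.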