Hey all,
I just got a JAASRealm working in Tomcat, successfully authenticating against
my login module. In my login module, I am successfully storing a role
principal "manager" inside the authenticated subject, which Tomcat logging
confirms. Immediately after authentication, Tomcat then tries to authorize
the request to forward to the expected URL, which is protected by container
managed security (i.e. web.xml) and allowing access to role user "manager".
The problem is that even though I am successfully storing the role principal
for the manager role in my subject, Tomcat's RealmBase is not finding the
role, and authorization is failing, hence the request errors out. The log is
below, can anyone help me out with why this is failing?
Thanks,
Brad
20-10 13:59:06,322 DEBUG (JAASRealm.java:authenticate:393) -JAAS LoginContext
created for username "brado"
20-10 13:59:06,324 DEBUG (JAASRealm.java:createPrincipal:476) -Checking
Principal "Principal:
name=brado" [com.redbarnsoftware.web.security.UserPrincipal]
20-10 13:59:06,325 DEBUG (JAASRealm.java:createPrincipal:482) -Principal
"brado" is a valid user class. We will use this as the user Principal.
20-10 13:59:06,326 DEBUG (JAASRealm.java:createPrincipal:476) -Checking
Principal "Principal:
name=manager" [com.redbarnsoftware.web.security.RolePrincipal]
20-10 13:59:06,327 DEBUG (JAASRealm.java:createPrincipal:489) -Adding role
Principal "manager" to this user Principal's roles
20-10 13:59:06,341 DEBUG (JAASRealm.java:authenticate:402) -Username "brado"
successfully authenticated as Principal "{1}" -- Subject was created too
20-10 13:59:06,358 DEBUG (CoyoteAdapter.java:parseSessionCookiesId:410) -
Requested cookie session id is 43C9C12A1726C5075DD45209A3967014
20-10 13:59:06,359 DEBUG (SingleSignOn.java:invoke:342) -Process request for
'/iocaine/'
20-10 13:59:06,360 DEBUG (SingleSignOn.java:invoke:353) - Checking for SSO
cookie
20-10 13:59:06,361 DEBUG (SingleSignOn.java:invoke:373) - Checking for cached
principal for 91F06522EDD456D4AD2B0269570839A1
20-10 13:59:06,368 DEBUG (SingleSignOn.java:invoke:388) - No cached principal
found, erasing SSO cookie
20-10 13:59:06,369 DEBUG (RealmBase.java:findSecurityConstraints:461) -
Checking constraint 'SecurityConstraint[iocaine]' against
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,370 DEBUG (RealmBase.java:findSecurityConstraints:505) -
Checking constraint 'SecurityConstraint[iocaine]' against
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,371 DEBUG (RealmBase.java:findSecurityConstraints:571) -
Checking constraint 'SecurityConstraint[iocaine]' against
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,372 DEBUG (RealmBase.java:findSecurityConstraints:628) -
Checking constraint 'SecurityConstraint[iocaine]' against
GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,373 DEBUG (RealmBase.java:hasUserDataPermission:847) - User
data constraint has no restrictions
20-10 13:59:06,680 DEBUG (SingleSignOn.java:register:576) -Registering sso id
'1F6A37C1E95F8026BB25A6420E6B6B3A' for user 'brado' with auth type 'FORM'
20-10 13:59:06,698 DEBUG (SingleSignOn.java:associate:431) -Associate sso id
1F6A37C1E95F8026BB25A6420E6B6B3A with session
StandardSession[43C9C12A1726C5075DD45209A3967014]
20-10 13:59:06,703 DEBUG (RealmBase.java:hasResourcePermission:737) -
Checking roles Principal: name=brado
20-10 13:59:06,704 DEBUG (RealmBase.java:hasResourcePermission:766) -No role
found: manager