Hey all, I just got a JAASRealm working in Tomcat, successfully authenticating against my login module. In my login module, I am successfully storing a role principal "manager" inside the authenticated subject, which Tomcat logging confirms. Immediately after authentication, Tomcat then tries to authorize the request to forward to the expected URL, which is protected by container managed security (i.e. web.xml) and allowing access to role user "manager". The problem is that even though I am successfully storing the role principal for the manager role in my subject, Tomcat's RealmBase is not finding the role, and authorization is failing, hence the request errors out. The log is below. Can anyone help me out with why this is failing?
Thanks,
Brad

20-10 13:59:06,322 DEBUG (JAASRealm.java:authenticate:393) -JAAS LoginContext created for username "brado"
20-10 13:59:06,324 DEBUG (JAASRealm.java:createPrincipal:476) -Checking Principal "Principal: name=brado" [com.redbarnsoftware.web.security.UserPrincipal]
20-10 13:59:06,325 DEBUG (JAASRealm.java:createPrincipal:482) -Principal "brado" is a valid user class. We will use this as the user Principal.
20-10 13:59:06,326 DEBUG (JAASRealm.java:createPrincipal:476) -Checking Principal "Principal: name=manager" [com.redbarnsoftware.web.security.RolePrincipal]
20-10 13:59:06,327 DEBUG (JAASRealm.java:createPrincipal:489) -Adding role Principal "manager" to this user Principal's roles
20-10 13:59:06,341 DEBUG (JAASRealm.java:authenticate:402) -Username "brado" successfully authenticated as Principal "{1}" -- Subject was created too
20-10 13:59:06,358 DEBUG (CoyoteAdapter.java:parseSessionCookiesId:410) - Requested cookie session id is 43C9C12A1726C5075DD45209A3967014
20-10 13:59:06,359 DEBUG (SingleSignOn.java:invoke:342) -Process request for '/iocaine/'
20-10 13:59:06,360 DEBUG (SingleSignOn.java:invoke:353) - Checking for SSO cookie
20-10 13:59:06,361 DEBUG (SingleSignOn.java:invoke:373) - Checking for cached principal for 91F06522EDD456D4AD2B0269570839A1
20-10 13:59:06,368 DEBUG (SingleSignOn.java:invoke:388) - No cached principal found, erasing SSO cookie
20-10 13:59:06,369 DEBUG (RealmBase.java:findSecurityConstraints:461) - Checking constraint 'SecurityConstraint[iocaine]' against GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,370 DEBUG (RealmBase.java:findSecurityConstraints:505) - Checking constraint 'SecurityConstraint[iocaine]' against GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,371 DEBUG (RealmBase.java:findSecurityConstraints:571) - Checking constraint 'SecurityConstraint[iocaine]' against GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,372 DEBUG (RealmBase.java:findSecurityConstraints:628) - Checking constraint 'SecurityConstraint[iocaine]' against GET //WEB-INF/jsp/index.jsp --> true
20-10 13:59:06,373 DEBUG (RealmBase.java:hasUserDataPermission:847) - User data constraint has no restrictions
20-10 13:59:06,680 DEBUG (SingleSignOn.java:register:576) -Registering sso id '1F6A37C1E95F8026BB25A6420E6B6B3A' for user 'brado' with auth type 'FORM'
20-10 13:59:06,698 DEBUG (SingleSignOn.java:associate:431) -Associate sso id 1F6A37C1E95F8026BB25A6420E6B6B3A with session StandardSession[43C9C12A1726C5075DD45209A3967014]
20-10 13:59:06,703 DEBUG (RealmBase.java:hasResourcePermission:737) - Checking roles Principal: name=brado
20-10 13:59:06,704 DEBUG (RealmBase.java:hasResourcePermission:766) -No role found: manager