-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robin,
Robin Coe wrote: | The Tomcat code that is failing for my auth check is | (http://kickjava.com/src/org/apache/catalina/realm/RealmBase.java.htm): Are you sure this is your version? The 5.5.17 version of this file is available here: http://svn.apache.org/repos/asf/tomcat/container/tags/tc5.5.x/TOMCAT_5_5_12/catalina/src/share/org/apache/catalina/realm/RealmBase.java | } else if(!denyfromall) { | 787 | 788 for (int j = 0; j < roles.length; j++) { | 789 if (hasRole(principal, roles[j])) | 790 status = true; | 791 if( log.isDebugEnabled() ) | 792 log.debug( "No role found: " + roles[j]); | 793 } | 794 } The above code does not match what I see in the version from SVN, but it close enough. You're right: it calls hasRole, and the hasRole implementation is as shown below: | public boolean hasRole(Principal JavaDoc principal, String JavaDoc role) { | 851 | 852 // Should be overriten in JAASRealm - to avoid pretty inefficient conversions | 853 if ((principal == null) || (role == null) || | 854 !(principal instanceof GenericPrincipal)) | 855 return (false); etc. Assuming that the code continues beyond this point, /some/ type of log message should be expected. Given that no output is between the "Checking roles" log statement and "No role found: " statement, it looks like the Principal object might not be a GenericPrincipal. JAASRealm.createPrincipal returns a GenericPrincipal object, so this should be okay. Given than you are doing a lot of stuff through software and not configuration, is it possible that you are creating your own Principal object that is not checkable by RealmBase? | org.apache.catalina.realm.JAASRealm - Checking Principal "landscape" [com.kaleidescape.logdb.webapp.security.auth.UserGroupPrincipal] Yup. Looks like you are using a Principal not supported by RealmBase. Does UserGroupPrincipal extent GenericPrincipal? If not, you should ensure that it does, and that it properly implements hasRole(). | Since my UserGroupPrincipal implements Principal, it is castable to | GenericPrincipal. Not true, unless UserGroupPrincipal also extends GenericPrincipal. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgfWAMACgkQ9CaO5/Lv0PDjjwCfWZ7D9/43x03H0KkZMDik57kk mo8AoLtTo321eLx4AFzGQi/xGF/GgUK7 =5INN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]