Mantis Bugtracker
ID: 0004621
Category: [Resin]
Severity: major
Reproducibility: always
Date Submitted: 06-16-11 11:52
Last Update: 06-17-11 11:25
Reporter: dicr
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 4.0.20
Product Version: 4.0.19
Platform / OS / OS Version / Product Build: (not set)
Summary 0004621: Can't assign user roles with JaasAuthenticator
Description: I'm using JaasAuthenticator with my custom LoginModule, which adds an implementation of java.security.Principal as the username and a java.security.acl.Group with the role names to the Subject, as described here: http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/
This works great in JBoss and Tomcat. But Resin's isUserInRole always returns false because of the implementation in JaasAuthenticator.java:

    if (principal instanceof RolePrincipal)
      return ((RolePrincipal) principal).isUserInRole(role);
    else
      return "user".equals(role);
  }

So Resin recognizes as roles only those principals which are instances of com.caucho.server.security.RolePrincipal. This is not correct and causes the application to become Resin-dependent.

The specification does not define which principals are roles, but using the standard JAAS classes for code portability is always preferable to binding to a particular web server.

Please consider using the standard java.security.acl.Group as the role descriptor instead of the platform-dependent com.caucho.server.security.RolePrincipal.




Steps To Reproduce
Additional Information
Attached Files

- Relationships

- Notes
(0005320)
dicr
06-16-11 12:02

Common code looks like this:

class MyPrincipal implements java.security.Principal
and
class MyGroup implements java.security.acl.Group

// Subject has no add(); principals go into the set returned by getPrincipals()
this.subject.getPrincipals().add(new MyPrincipal(username));
this.subject.getPrincipals().add(new MyGroup("roles", new String[] { "admins", "managers", "user" }));

To make it work in Resin I need to modify my code and tie it to Resin:

this.subject.getPrincipals().add(new MyPrincipal(username));
this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("admins"));
this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("managers"));
this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("user"));

Or patch JaasAuthenticator:

// java.security.Principal is an interface, so the lookup key must be a concrete
// implementation whose equals() matches the group's members by name
if (principal instanceof java.security.acl.Group) {
  final String roleName = role;
  return ((java.security.acl.Group) principal).isMember(new java.security.Principal() {
    public String getName() { return roleName; }
  });
}
 
(0005323)
ferg
06-17-11 11:25

server/1a08
 
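The following is an added example written by the editor, not code from Resin, from the reporter, or from the linked blog post. It shows the portable, container-independent role check the report asks for: a LoginModule-style Subject populated with a user Principal plus a java.security.acl.Group of role names, and an isUserInRole that consults the Group instead of a container-specific RolePrincipal. The class names NamePrincipal and RoleGroup are assumptions standing in for the reporter's MyPrincipal and MyGroup, and the group name "Roles" is the convention used by JBoss; Resin's RolePrincipal is deliberately not referenced so the code compiles without Resin on the classpath.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

// Editor's example, not Resin's or the reporter's code.
// Requires JDK 8..13: java.security.acl was deprecated for removal in JDK 9
// and removed in JDK 14, which is itself a reason to keep this mapping in one place.
public class GroupRoleCheck {

    // Assumed stand-in for the reporter's MyPrincipal. Equality is by name so
    // that Group.isMember() can be asked about a role by constructing a lookup key.
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) {
            if (name == null) throw new IllegalArgumentException("name");
            this.name = name;
        }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof Principal && name.equals(((Principal) o).getName());
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    // Assumed stand-in for the reporter's MyGroup: one Group principal whose
    // members are the role names. The group name ("Roles") is the JBoss convention.
    static final class RoleGroup implements Group {
        private final String name;
        private final Set<Principal> members = new LinkedHashSet<>();
        RoleGroup(String name, String... roles) {
            this.name = name;
            for (String r : roles) members.add(new NamePrincipal(r));
        }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() {
            return Collections.enumeration(members);
        }
    }

    // What a LoginModule.commit() would do with the authenticated identity:
    // the user principal carries the name, a Group principal carries the roles.
    static Subject buildSubject(String username, String... roles) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NamePrincipal(username));
        subject.getPrincipals().add(new RoleGroup("Roles", roles));
        return subject;
    }

    // Portable role check: any Group in the Subject is treated as a role container.
    // Plain (non-Group) principals are identities, never roles, so a user named
    // "admins" does not become a member of the "admins" role by accident.
    static boolean isUserInRole(Subject subject, String role) {
        Principal key = new NamePrincipal(role);
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && ((Group) p).isMember(key)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Subject subject = buildSubject("alice", "admins", "managers", "user");
        for (String role : new String[] { "admins", "user", "root", "alice" }) {
            System.out.println(role + ": " + isUserInRole(subject, role));
        }
    }
}
```

Two points matter when adopting this in a real authenticator. First, Group.isMember() only works if the member principals define equals() by name, as NamePrincipal does; a Group built from principals with identity equality silently denies every role. Second, the check scans only Group principals, which is what keeps the user principal from doubling as a role; if a container also needs to honour its own RolePrincipal-style classes, that is an additional instanceof branch in the same method, not a replacement for the Group branch.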

- Issue History
Date Modified Username Field Change
06-16-11 11:52 dicr New Issue
06-16-11 12:02 dicr Note Added: 0005320
06-17-11 11:25 ferg Note Added: 0005323
06-17-11 11:25 ferg Assigned To  => ferg
06-17-11 11:25 ferg Status new => closed
06-17-11 11:25 ferg Resolution open => fixed
06-17-11 11:25 ferg Fixed in Version  => 4.0.20

