| Anonymous | Login | Signup for a new account | 04-23-2024 07:09 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004621 | [Resin] | major | always | 06-16-11 11:52 | 06-17-11 11:25 | ||||
| Reporter | dicr | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 4.0.20 | Product Version | 4.0.19 | ||||
| Product Build | |||||||||
| Summary | 0004621: Can't assign user roles with JaasAuthenticator | ||||||||
| Description |
I'm using JaasAuthenticator with my custom LoginModule, which add implementation of java.security.Principal as username and java.security.acl.Group with roles names to Subject as described here: http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/ [^] This works great in JBoss and Tomcat. But Resin's isUserInRole always return false because of implementation JaasAuthenticator.java: if (principal instanceof RolePrincipal) return ((RolePrincipal) principal).isUserInRole(role); else return "user".equals(role); } So, Resin recognize only those principal as roles, which is instance of com.caucho.server.security.RolePrincipal. This is not correct and cause application to become Resin-dependent. The specification does not define which principles are roles, but the use of standard JAAS classes for code portability is always preferable, then to bind to a particular web-server. Please, consider to use standard java.security.acl.Group as roles descriptor instead of platform-dependent com.caucho.server.security.RolePrincipal. |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0005320) dicr 06-16-11 12:02 |
common code looks like this: class MyPrinciple implements java.security.Principle and class MyGroup implements java.security.acl.Group this.subject.add(new MyPrinciple(username)); this.subject.add(new MyGroup("roles", new String[] { "admins", "managers", "user"}); To make it working in Resin I need to modify my code and tie it with Resin: this.subject.add(new MyPrinciple(username)); this.subject.add(new com.caucho.server.security.RolePrincipal("admins")); this.subject.add(new com.caucho.server.security.RolePrincipal("managers")); this.subject.add(new com.caucho.server.security.RolePrincipal("user")); Or patch JaasAuthenticator: if (principal instance of Group) return ((Group)principal).isMember(new Principal(role)); |
|
(0005323) ferg 06-17-11 11:25 |
server/1a08 |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 06-16-11 11:52 | dicr | New Issue | |
| 06-16-11 12:02 | dicr | Note Added: 0005320 | |
| 06-17-11 11:25 | ferg | Note Added: 0005323 | |
| 06-17-11 11:25 | ferg | Assigned To | => ferg |
| 06-17-11 11:25 | ferg | Status | new => closed |
| 06-17-11 11:25 | ferg | Resolution | open => fixed |
| 06-17-11 11:25 | ferg | Fixed in Version | => 4.0.20 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
31 total queries executed. 27 unique queries executed. |  |
