Mantis Bugtracker
  

Viewing Issue Simple Details
ID: 0004621
Category: [Resin]
Severity: major
Reproducibility: always
Date Submitted: 06-16-11 11:52
Last Update: 06-17-11 11:25
Reporter: dicr
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Product Version: 4.0.19
Summary: 0004621: Can't assign user roles with JaasAuthenticator
Description: I'm using JaasAuthenticator with my custom LoginModule, which adds an implementation of java.security.Principal as the username and a java.security.acl.Group with role names to the Subject, as described here: http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/
This works great in JBoss and Tomcat. But Resin's isUserInRole always returns false because of the implementation in JaasAuthenticator.java:

    if (principal instanceof RolePrincipal)
      return ((RolePrincipal) principal).isUserInRole(role);
    else
      return "user".equals(role);
  }

So Resin recognizes as roles only those principals which are instances of com.caucho.server.security.RolePrincipal. This is not correct and causes the application to become Resin-dependent.

The specification does not define which principals are roles, but using standard JAAS classes for code portability is always preferable to binding to a particular web server.

Please consider using the standard java.security.acl.Group as the roles descriptor instead of the platform-dependent com.caucho.server.security.RolePrincipal.




Additional Information
Attached Files

- Relationships

- Notes
(0005320)
dicr
06-16-11 12:02

Common code looks like this:

    class MyPrinciple implements java.security.Principal
and
    class MyGroup implements java.security.acl.Group

    // Subject has no add(); principals go into the set returned by getPrincipals()
    this.subject.getPrincipals().add(new MyPrinciple(username));
    this.subject.getPrincipals().add(new MyGroup("roles", new String[] { "admins", "managers", "user" }));

To make it work in Resin, I need to modify my code and tie it to Resin:

    this.subject.getPrincipals().add(new MyPrinciple(username));
    this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("admins"));
    this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("managers"));
    this.subject.getPrincipals().add(new com.caucho.server.security.RolePrincipal("user"));

Or patch JaasAuthenticator:

    if (principal instanceof Group)
      // sketch: Principal is an interface, so a concrete implementation carrying the role name is required here
      return ((Group) principal).isMember(new Principal(role));
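
A container-neutral version of the Group-based role check proposed in the note above, as an added example (not Resin's code and not the fix that shipped in 4.0.20). The class names GroupRoleCheck, NamedPrincipal and SimpleGroup are hypothetical, the group name "roles" follows the note, and it assumes JDK 13 or earlier, since java.security.acl was removed in JDK 14.

```java
import java.security.Principal;
import java.security.acl.Group;   // present up to JDK 13; removed in JDK 14
import java.util.*;
import javax.security.auth.Subject;

public class GroupRoleCheck {
  /** Minimal name-only principal (hypothetical, stands in for the reporter's MyPrinciple). */
  static final class NamedPrincipal implements Principal {
    private final String name;
    NamedPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
  }

  /** Minimal Group holding role names (hypothetical, stands in for the reporter's MyGroup). */
  static final class SimpleGroup implements Group {
    private final String name;
    private final Set<Principal> members = new LinkedHashSet<>();
    SimpleGroup(String name, String... roles) {
      this.name = name;
      for (String r : roles) members.add(new NamedPrincipal(r));
    }
    public String getName() { return name; }
    public boolean addMember(Principal p) { return members.add(p); }
    public boolean removeMember(Principal p) { return members.remove(p); }
    public boolean isMember(Principal p) { return members.contains(p); }
    public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
  }

  /** True only if a Group called roleGroup lists a member whose name equals role. */
  static boolean isUserInRole(Subject subject, String roleGroup, String role) {
    if (subject == null || role == null) return false;   // deny by default
    for (Group g : subject.getPrincipals(Group.class)) {
      if (!roleGroup.equals(g.getName())) continue;      // ignore unrelated groups
      // Compare by name: isMember() depends on each Principal class's equals().
      for (Enumeration<? extends Principal> e = g.members(); e.hasMoreElements();)
        if (role.equals(e.nextElement().getName())) return true;
    }
    return false;
  }

  public static void main(String[] args) {
    Subject s = new Subject();                           // constructed sample subject
    s.getPrincipals().add(new NamedPrincipal("alice"));
    s.getPrincipals().add(new SimpleGroup("roles", "admins", "managers", "user"));
    System.out.println(isUserInRole(s, "roles", "admins"));  // role listed in the group
    System.out.println(isUserInRole(s, "roles", "alice"));   // user name is not a role
    System.out.println(isUserInRole(s, "other", "user"));    // wrong group name
  }
}
```

Restricting the lookup to one named group and matching on getName() keeps an unrelated Group, or a Principal class with a loose equals(), from granting a role.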
 
(0005323)
ferg
06-17-11 11:25

server/1a08
 

- Issue History
Date Modified Username Field Change
06-16-11 11:52 dicr New Issue
06-16-11 12:02 dicr Note Added: 0005320
06-17-11 11:25 ferg Note Added: 0005323
06-17-11 11:25 ferg Assigned To  => ferg
06-17-11 11:25 ferg Status new => closed
06-17-11 11:25 ferg Resolution open => fixed
06-17-11 11:25 ferg Fixed in Version  => 4.0.20

