Bug 36218 - principal replication problem in cluster
Summary: principal replication problem in cluster
Status: RESOLVED WONTFIX
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina:Cluster (show other bugs)
Version: 5.5.9
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 34647 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-08-17 11:32 UTC by Dirk de Kok
Modified: 2005-10-20 00:45 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk de Kok 2005-08-17 11:32:45 UTC
when using clustering the Principal seems not to be replicated correctly
It seems to be linked to the UserDatabaseRealm, using a o.a.c.users.MemoryUser 
principal instead of a GenericPrincipal

see:
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg74250.html
Comment 1 Peter Rossbach 2005-08-17 12:46:28 UTC
Now the UserDatabaseRealm also create GenericPrincipal class
and at my test cases with basic login config at web.xml it works.

OK, the set userPrincipal from GenericPrincipal are not transfered and this can
be a problem. 

Please, can you checkout the last tomcat cvs head and test the fix?

Thanks
Peter
Comment 2 Dirk de Kok 2005-08-18 18:09:04 UTC
I tested it with the MemoryRealm settings using tomcat-users.xml for data of 
users, and the fix works. This with FORM authentication.

however,
we would like to use our custom JAAS login module. For this we programmed a 
module, and added 2 Principals to the config for user and role. These classes 
extend java.security.Principal. And this does not work yet.

I think it has to do with the method  createPrincipal(String username, Subject 
subject) in org.apache.catalina.realm.JAASRealm. All the other real 
implementations deal with GenericPrincipal, while here java.security.Principal 
is used.

Comment 3 Peter Rossbach 2005-08-22 11:21:37 UTC
Hmm,

the JAASRealm.createPrincipal return a GenericPrincipal
s. L.509
        // Return the resulting Principal for our authenticated user
        return new GenericPrincipal(this, username, null, roles, userPrincipal);

Can you better discribe your failure szenario?
Comment 4 Dirk de Kok 2005-08-22 11:52:06 UTC
it seems I was looking at (and using) the 5.5.9 stable source code, not the 
5.5.10 HEAD. You are correct, this looks better.  Let me do a new CVS checkout, 
build  and test

this was my error message:

107 55946 ERROR session.DeltaRequest  - DeltaManager only support 
GenericPrincipal. Your realm used principal class 
com.lostboys.playground.common.security.UserPrincipal.


and our UserPrincipal extends java.security.Principal



(In reply to comment #3)
> Hmm,
> the JAASRealm.createPrincipal return a GenericPrincipal
> s. L.509
>         // Return the resulting Principal for our authenticated user
>         return new GenericPrincipal(this, username, null, roles, 
userPrincipal);
> Can you better discribe your failure szenario?

Comment 5 Peter Rossbach 2005-10-20 08:41:35 UTC
*** Bug 34647 has been marked as a duplicate of this bug. ***
Comment 6 Peter Rossbach 2005-10-20 08:45:14 UTC
Currently we don´t support serialization from custom principals!
I hope we can suppport this in a future release.

Many thanx for your help
Peter