In 5.5.12, the hasRole method in JAASRealm has been removed. Instead, it uses RealmBase's hasRole method. In RealmBase's hasRole method, if the principal is not a GenericPrincipal, it will return false. But in the Request.getUserPrincipal method there is also a change: if userPrincipal is a GenericPrincipal, it returns userPrincipal. This means that when the framework uses getUserPrincipal and calls JAASRealm (RealmBase)'s hasRole, it should always fail.

Suggest making the following change: in JAASRealm.java, add a roleSet private instance variable, then in the createPrincipal method, just after roles.add(principal.getName());, add "roleSet.add(principal);", then add a hasRole method like the following:

    public boolean hasRole(Principal principal, String role) {
        if (principal == null) {
            return false;
        }
        // Return true if the principal equals one recorded in roleSet.
        Iterator it = roleSet.iterator();
        while (it.hasNext()) {
            Principal p = (Principal) it.next();
            if (p.equals(principal)) {
                return true;
            }
        }
        // Otherwise fall back to RealmBase's check.
        return super.hasRole(principal, role);
    }

*** This bug has been marked as a duplicate of 37044 ***
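
The mismatch described in the report, reduced to a self-contained model. This is an added example, not Tomcat source or code from the report. UserPrincipal, WrappedPrincipal and both static methods are hypothetical stand-ins, and the model assumes the request accessor hands back the principal held inside the wrapper.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class HasRoleMismatchDemo {
    // Stand-in (hypothetical) for the JAAS user principal a LoginModule produces.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Stand-in (hypothetical) for the container wrapper that carries the role names.
    static final class WrappedPrincipal implements Principal {
        final Principal user;
        final Set<String> roles;
        WrappedPrincipal(Principal user, String... roles) {
            this.user = user;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
        public String getName() { return user.getName(); }
    }

    // Models the realm check in the report: any non-wrapper principal is rejected.
    static boolean hasRole(Principal p, String role) {
        if (!(p instanceof WrappedPrincipal)) {
            return false;
        }
        return ((WrappedPrincipal) p).roles.contains(role);
    }

    // Models the request accessor (assumption): callers receive the inner principal.
    static Principal getUserPrincipal(Principal authenticated) {
        if (authenticated instanceof WrappedPrincipal) {
            return ((WrappedPrincipal) authenticated).user;
        }
        return authenticated;
    }

    public static void main(String[] args) {
        // Constructed sample identity: user "alice" holding role "admin".
        Principal authenticated = new WrappedPrincipal(new UserPrincipal("alice"), "admin");
        Principal seenByApp = getUserPrincipal(authenticated);
        System.out.println("hasRole(wrapper, admin)   = " + hasRole(authenticated, "admin"));
        System.out.println("hasRole(unwrapped, admin) = " + hasRole(seenByApp, "admin"));
    }
}
```

The two printed lines differ for the same authenticated user, which makes the pair a compact regression check for any realm change that alters which principal type reaches hasRole.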