| Summary: | One problem about the JAAS role check. | | |
|---|---|---|---|
| Product: | Tomcat 5 | Reporter: | Torr Liu <jjliu> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | hauser |
| Priority: | P2 | | |
| Version: | 5.5.17 | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | other | | |

Description
Torr Liu
2006-04-20 11:18:42 UTC
This behaviour is as required by the spec.

`*` == all roles defined in web.xml
`*` != all roles defined in realm
`*` != all authenticated users

Hi Mark,

I had the very same configuration as Torr nicely working before. Would it be possible to provide an example that illustrates how I can let all (client-cert) login attempts through (and only decide afterwards in my application logic whether I want them to succeed or not) and still be compliant to the specs?

Thanks
Ralf

See also bug 37852, bug 37044, and Bug 34643

I can give you some pointers but my time to write some actual code is non-existent. This is a question for the users list. In fact it came up again yesterday. (http://marc.theaimsgroup.com/?l=tomcat-user&m=115503660912530&w=2)

This can easily be solved by adding the following custom realm to your server.xml:

```java
import java.io.IOException;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.JAASRealm;

public class ClientCertInAppRealm extends JAASRealm {
    // Skips the role check: every request passes the resource-permission test.
    public boolean hasResourcePermission(Request request, Response response,
            SecurityConstraint[] constraints, Context context) throws IOException {
        return true;
    }
}
```
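
The realm in the last comment returns `true` for every request, so any other `<auth-constraint>` in the same application, including one that names a specific role, is no longer enforced. A narrower variant follows as an added example (not code from this bug thread or from Tomcat): it relaxes only constraints declared with `<role-name>*</role-name>` and leaves everything else to the stock check. It assumes the Tomcat 5.5 `SecurityConstraint.getAllRoles()` accessor; the class name is hypothetical.

```java
import java.io.IOException;
import java.security.Principal;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.JAASRealm;

// Hypothetical realm: treats "*" as "any authenticated user", nothing more.
public class AnyAuthenticatedUserRealm extends JAASRealm {

    public boolean hasResourcePermission(Request request, Response response,
            SecurityConstraint[] constraints, Context context) throws IOException {

        // The authenticator has already run; an anonymous request has no principal.
        Principal principal = request.getUserPrincipal();

        if (principal != null && allUseWildcard(constraints)) {
            // Every matching constraint is <role-name>*</role-name>:
            // let the authenticated caller through, the application decides later.
            return true;
        }

        // Named roles, empty auth-constraints (deny all) and mixed cases keep
        // the spec behaviour, including the 403 that the base class sends.
        return super.hasResourcePermission(request, response, constraints, context);
    }

    // True only if there is at least one constraint and all of them are "*".
    private static boolean allUseWildcard(SecurityConstraint[] constraints) {
        if (constraints == null || constraints.length == 0) {
            return false;
        }
        for (int i = 0; i < constraints.length; i++) {
            if (!constraints[i].getAllRoles()) {
                return false;
            }
        }
        return true;
    }
}
```

The wildcard test runs before the call to `super` because the base implementation writes the 403 response itself when it denies access.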