I would like to let JAASRealm load JAAS Configuration from a .properties file bundled in a web application (either in WEB-INF/classes or in any JAR on the classpath of the context).
Actually (7.0.29) JAASRealm creates a LoginContext using the 2-args constructor:
    loginContext = new LoginContext(appName, callbackHandler);
I propose to add a new configuration parameter on JAASRealm to let it load a javax.security.auth.login.Configuration from the ContextClassLoader. This new Configuration has to be passed to the 4-args constructor:
    loginContext = new LoginContext(appName, subject, callbackHandler, configuration);
http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/LoginContext.html#LoginContext%28java.lang.String,%20javax.security.auth.Subject,%20javax.security.auth.callback.CallbackHandler,%20javax.security.auth.login.Configuration%29
Method parseClassNames in JAASRealm sometimes (not always) uses as ContextClassLoader this one:
    WebappClassLoader
    context: /manager
    delegate: false
    repositories:
    ----------> Parent Classloader:
    org.apache.catalina.loader.StandardClassLoader@9fa0f19
In my case this causes JAASRealm not to find custom Principal classes (userClassNames and roleClassNames).
Created attachment 29274
This is a subclass of JAASRealm that implements the feature.
Created attachment 29275
Patch on JAASRealm (tomcat 7 trunk)
I tried to write a patch against JAASRealm.java (don't know if it is the correct format). The patch is for Tomcat 7 trunk. This is what it does:
- adds a "configfile" property (will be resolved as ClassLoader.getResource().toURI) to require the use of a custom JAAS Configuration file
- instantiates a "sun" ConfigFile (using Reflection) to have a Configuration
- uses the 4-args constructor of LoginContext (in order to use the custom configuration)
- sets a work-around for a bug in Realm setup (parseClassNames) because sometimes that method is not called with a good contextclassloader
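The approach proposed in this report (resolve a JAAS config through the context class loader, then hand it to the 4-args LoginContext constructor), as an added example that is not the attached patch or Tomcat's code. It uses the standard Configuration.getInstance("JavaLoginConfig", ...) API instead of the reflection on the "sun" ConfigFile class that the patch describes; DemoLoginModule, DemoApp, jaas.config and the temporary directory are constructed for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.URIParameter;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;

public class ClasspathJaasConfigDemo {
    // Constructed placeholder module so the demo runs; it accepts every login.
    public static class DemoLoginModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { }
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Resolve the resource via the context class loader; fail instead of using the JVM-wide config.
    static Configuration load(String resource) throws Exception {
        URL url = Thread.currentThread().getContextClassLoader().getResource(resource);
        if (url == null) {
            throw new IllegalArgumentException("JAAS config not on classpath: " + resource);
        }
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(url.toURI()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temporary directory standing in for WEB-INF/classes.
        Path dir = Files.createTempDirectory("webinf-classes");
        Files.write(dir.resolve("jaas.config"), ("DemoApp { \""
                + DemoLoginModule.class.getName() + "\" required; };").getBytes("UTF-8"));
        ClassLoader webapp = new URLClassLoader(new URL[] { dir.toUri().toURL() },
                ClasspathJaasConfigDemo.class.getClassLoader());
        Thread.currentThread().setContextClassLoader(webapp);

        Configuration config = load("jaas.config");
        // DemoLoginModule requests no callbacks, so the handler does nothing.
        CallbackHandler handler = callbacks -> { };
        // 4-args constructor: "DemoApp" is looked up in this Configuration only.
        LoginContext lc = new LoginContext("DemoApp", new Subject(), handler, config);
        lc.login();
        System.out.println("login via bundled config succeeded");
    }
}
```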
(In reply to comment #1)
> method parseClassNames in JAASRealm sometimes (not always) uses as
> ContextClassLoader this one
>
> WebappClassLoader
> context: /manager
> delegate: false
> repositories:
> ----------> Parent Classloader:
> org.apache.catalina.loader.StandardClassLoader@9fa0f19
>
> In my case this causes JAASRealm not to find custom Principal classes
> (userClassNames and roleClassNames)
If your <Realm> is in conf/context.xml this behaviour is as expected, because the conf/context.xml file is shared by all web applications, including the Manager one.
If you observe it in different circumstances, please file a separate bug report and include the stacktrace from the thread that calls parseClassNames. (If TCCL is set incorrectly by the calling thread that would be a bug.)
Sorry, I was using TomEE (Tomcat + OpenEJB). With a raw Tomcat the problem does not happen; I reported this problem on the OpenEJB list.
Created attachment 29280
Patch on JAASRealm (tomcat 7 trunk)
Updating the patch, without the workaround for the TomEE cl bug (that has been resolved too, in openejb trunk).
Thanks for the patch. It has been applied (with minor changes) to trunk and 7.0.x and will be included in 7.0.42 onwards. I also added some documentation for the new option.