Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0-a1
    • Fix Version/s: 2.0-M1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Tomcat 5.0.24, J2SE 1.4.2_03

      Description

      As discussed on the Jetspeed developers mailinglist (thread starts with: http://nagoya.apache.org/eyebrowse/ReadMsg?listName=jetspeed-dev@jakarta.apache.org&msgNo=14605) the new behaviour of Tomcat 5 to set the ContextClassLoader in the JAASRealm to the server classloader prevents defining LoginModules within the context of an web app.

      As a quick solution to this problem the Tomcat 5 JAASRealm is going to be patched to revert back to the old Tomcat 4 handling.

      The preferred solution is that the Tomcat Team would do this themselves or provide it as an option. Someone should start discussing this with them....

      I'll provide a patch implementing the quick fix which will depend on the user property catalina.version.major=5 to be enforced upon the catalina server: when this condition is true a patched version of the Tomcat 5.0.24 JAASRealm.java revision 1.6 will be compiled into the $Tomcat/server/classes directory.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              adouma Ate Douma
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: