  1. OpenEJB
  2. OPENEJB-901

Fixed broken isCallerInRole when using Tomcat JAASRealm with the TomcatSecurityService


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0
    • Fix Version/s: 3.1
    • Component/s: tomee
    • Labels:
      None
    • Environment:
      Ubuntu Linux 8.04, i386

      Description

      TomcatSecurityService currently uses only the default container Realm to authenticate users, ignoring a context-defined Realm.
      So, a user is correctly authenticated on the web application (for example, through j_security_check), but is not correctly authenticated in EJBs.
      Attached is a war file and a jaas configuration file, which should have the system property java.security.auth.login.config set to it.
      To test, first authenticate by visiting http://localhost:8080/test/protected.jsp. Any username / password is validated, and the "user" role is granted. Then browse to http://localhost:8080/test/test, and a permission denied exception is thrown, because the role "user" is not granted.
      Another test is to comment out the @RolesAllowed("user") in the TestServiceBean.sayHello() method. In this case, isCallerInRole("user") is always false.

        Attachments

        1. test-updated.war
          12 kB
          Luis Fernando Planella Gonzalez
        2. test.war
          18 kB
          Luis Fernando Planella Gonzalez
        3. test.war
          18 kB
          Luis Fernando Planella Gonzalez
        4. realm.jar
          1 kB
          Dain Sundstrom
        5. jaas.conf
          0.1 kB
          Luis Fernando Planella Gonzalez
        6. ejb-examples.war
          28 kB
          Dain Sundstrom
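
A simplified model of the realm mismatch described in this issue, added here as an illustration; it is not code from OpenEJB, Tomcat, or the attached war. The names Realm, WebContext, hasRole and the two ejbCheck helpers are hypothetical, and the two realms are constructed to mirror the report: a context realm that accepts any login and grants "user", and a container default that knows no users.

```java
import java.util.Collections;
import java.util.Set;

// Hypothetical model of the lookup in OPENEJB-901; not Tomcat or OpenEJB code.
public class RealmLookupDemo {
    /** Stand-in for a realm: returns granted roles, or null if login fails. */
    interface Realm { Set<String> authenticate(String user, String password); }

    /** Stand-in for a web application context that may define its own realm. */
    static class WebContext {
        final Realm ownRealm;        // null when the context defines no realm
        final Realm containerRealm;  // default realm of the container
        WebContext(Realm ownRealm, Realm containerRealm) {
            this.ownRealm = ownRealm;
            this.containerRealm = containerRealm;
        }
        /** The realm the web tier uses: the context's own realm if present. */
        Realm effectiveRealm() { return ownRealm != null ? ownRealm : containerRealm; }
    }

    // Constructed realms mirroring the report (assumed behaviour, not real config).
    static final Realm CONTAINER_DEFAULT = (user, password) -> null;
    static final Realm CONTEXT_JAAS = (user, password) -> Collections.singleton("user");

    static boolean hasRole(Realm realm, String user, String password, String role) {
        Set<String> roles = realm.authenticate(user, password);
        return roles != null && roles.contains(role);
    }

    /** Reported behaviour: the EJB tier consults only the container default realm. */
    static boolean ejbCheckDefaultRealmOnly(WebContext ctx, String user, String pw, String role) {
        return hasRole(ctx.containerRealm, user, pw, role);
    }

    /** Consistent behaviour: the EJB tier consults the same realm as the web tier. */
    static boolean ejbCheckContextRealm(WebContext ctx, String user, String pw, String role) {
        return hasRole(ctx.effectiveRealm(), user, pw, role);
    }

    public static void main(String[] args) {
        WebContext test = new WebContext(CONTEXT_JAAS, CONTAINER_DEFAULT);
        // Web tier: login through the context realm succeeds with role "user".
        System.out.println("web tier:           " + hasRole(test.effectiveRealm(), "alice", "secret", "user"));
        System.out.println("EJB, default only:  " + ejbCheckDefaultRealmOnly(test, "alice", "secret", "user"));
        System.out.println("EJB, context realm: " + ejbCheckContextRealm(test, "alice", "secret", "user"));
    }
}
```

When the web tier and the EJB tier resolve different realms, the same caller is authorized in one and denied in the other, which is the symptom both tests in the description exercise.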


            People

            • Assignee:
              dain Dain Sundstrom
              Reporter:
              luisfpg Luis Fernando Planella Gonzalez