JAAS authentication goes OK, but 403 occurs on requesting resources

Posted By:   liyi_meng
Posted On:   Sunday, March 30, 2008 07:22 AM


Hi all,
I am trying JAAS in Tomcat, but have hit a really frustrating problem right now.
When logging in, authentication goes OK, but when requesting a resource, I always get 403 access denied!

I tried printing out httprequest.getRemoteUser in the servlet, and the username is correct there; however, httprequest.isUserInRoles() always returns false :(

I am wondering if I have done something wrong in storing the roles.

Below is the code showing how I populate the User and Role and then save them in the Subject:



			
    public boolean commit() throws LoginException
    {
        // commit() only adds principals if login() succeeded earlier
        if (succeeded == false)
        {
            return false;
        } else
        {
            // add a Principal (authenticated identity)
            // to the Subject
            principals = new Principal[2];
            principals[0] = new WebUser(username);
            principals[1] = new WebRole("manager");

            // add each principal unless the Subject already holds it
            for (int i = 0; i < principals.length; i++)
            {
                if (!subject.getPrincipals().contains(principals[i]))
                    subject.getPrincipals().add(principals[i]);
            }
            if (debug)
            {
                // dump every principal now stored in the Subject
                Set all = subject.getPrincipals();
                Iterator i = all.iterator();
                while (i.hasNext())
                {
                    System.out.println(i.next().toString());
                }
            }

            commitSucceeded = true;
            return true;
        }
    }

The debug output shows that both the user and the role are stored in the Subject. But why does Tomcat not recognize the role?!



If you have ever seen this kind of problem, please help!
I would greatly appreciate it!
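
One place to check, as an added example that is not part of the original post and is not Tomcat's own code: assuming the application is protected by Tomcat's JAASRealm, the realm treats a Subject principal as a role only when that principal's class name is listed in the realm's roleClassNames attribute (users are matched the same way through userClassNames). The code below models that rule; RealmRoleCheck, rolesFor, NamedPrincipal and the WebUser/WebRole stand-ins are hypothetical, since the post does not show those classes.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class RealmRoleCheck {
    // Stand-ins for the post's WebUser / WebRole classes (assumed shape).
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static class WebUser extends NamedPrincipal { WebUser(String n) { super(n); } }
    static class WebRole extends NamedPrincipal { WebRole(String n) { super(n); } }

    // Model of the realm's mapping rule (an assumption about JAASRealm, not its code):
    // a principal contributes a role name only if its class name is configured
    // as a role class. Everything else in the Subject is ignored for role checks.
    static List<String> rolesFor(Subject subject, Set<String> roleClassNames) {
        List<String> roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            if (roleClassNames.contains(p.getClass().getName())) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Same Subject contents as the commit() method in the post produces.
        Subject subject = new Subject();
        subject.getPrincipals().add(new WebUser("alice"));   // constructed sample user
        subject.getPrincipals().add(new WebRole("manager"));

        // Case 1: role class not configured. The Subject holds the role, yet no
        // role is mapped, so a security constraint on "manager" ends in 403.
        System.out.println("no roleClassNames   -> " + rolesFor(subject, Set.of()));

        // Case 2: the realm names the role class, so "manager" is mapped.
        Set<String> configured = Set.of(WebRole.class.getName());
        System.out.println("with roleClassNames -> " + rolesFor(subject, configured));
    }
}
```

In a real deployment the values to compare are the fully qualified class names of the principals the LoginModule adds and the userClassNames / roleClassNames attributes on the Realm element.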