Summary: | JAAS module name is not allowed in jaas.conf file | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | Alex Blewitt <alex_blewitt> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | P3 | ||
Version: | 5.0.27 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All |
Description
Alex Blewitt
2004-08-26 14:48:50 UTC
Of course, I meant 'name=name.substring(1)'.

Can you point to the class or code in "Sun Security" that "barfs" at the leading slash please? Also if you could attach your suggested patch in .diff format, that'd be great. Thanks ;)

I'm not sure I can find the code for the barf, because I don't have the Sun source code :-) I think the problem is in com.sun.security.auth.login.ConfigFile which is the class reading the jaas.config file (actually, the name isn't relevant -- it's the file pointed to by the URL in -Djava.security.auth.login.config or by default in ${user.home}/.java.login.config)

The JavaDoc isn't up to much: ConfigFile is http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html which says it parses the file with the syntax described in: http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html and all it says in there is

"Each entry in the Configuration is indexed via an application name.

    ApplicationName {
        ModuleClass Flag ModuleOptions;
        ModuleClass Flag ModuleOptions;
        ModuleClass Flag ModuleOptions;
    };
"

So Tomcat is setting the name OK programmatically, but the ConfigFile parser only seems to allow [a-zA-Z]+ as the ApplicationName, so fails at the initial /

Thus, if you try and use a config file:

    /MyAppRoot {
        com.example.LoginModule required;
    };

then the ConfigFile parser doesn't successfully read it. It seems that the ConfigFile uses lazy loading, so it doesn't parse the first login request when using JAAS.

Sorry, can't paste in .diff format; I don't have the Tomcat source code on a machine with a '.diff' command -- I just eyeballed the problem to find out why the name was being set with a leading '/'.

OK, done for both 5.0.29 and 5.5.3. My initial implementation is simply to remove leading slash if one is present. I made the relevant method protected so extenders of JAASRealm can easily modify this behavior.
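
The lookup mismatch discussed in this report, as an added example (not Tomcat's code and not written by anyone in the thread): it loads a constructed config file through the JDK's `JavaLoginConfig` provider, then looks the entry up by the raw context path and by the name with the leading slash removed. `JaasAppNameDemo`, `toJaasAppName` and `moduleCount` are hypothetical names, and Java 11 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasAppNameDemo {

    // Hypothetical helper (not Tomcat's method): turn a context path into a
    // name the login configuration file can hold by dropping one leading '/'.
    static String toJaasAppName(String contextPath) {
        if (contextPath != null && contextPath.startsWith("/")) {
            return contextPath.substring(1);
        }
        return contextPath;
    }

    // Number of login modules configured under appName, or 0 if there is no entry.
    static int moduleCount(Configuration cfg, String appName) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(appName);
        return entries == null ? 0 : entries.length;
    }

    public static void main(String[] args) throws IOException, NoSuchAlgorithmException {
        // Constructed sample config: the entry name has no leading slash.
        // The module class is only recorded as a string here, never loaded.
        Path conf = Files.createTempFile("jaas", ".conf");
        Files.writeString(conf,
                "MyAppRoot {\n    com.example.LoginModule required;\n};\n");
        try {
            // Load only this file via the JDK's standard file-based provider.
            Configuration cfg = Configuration.getInstance(
                    "JavaLoginConfig", new URIParameter(conf.toUri()));

            String contextPath = "/MyAppRoot"; // name with the leading slash, as in the report
            System.out.println("lookup \"" + contextPath + "\": "
                    + moduleCount(cfg, contextPath) + " module(s)");

            String appName = toJaasAppName(contextPath);
            System.out.println("lookup \"" + appName + "\": "
                    + moduleCount(cfg, appName) + " module(s)");
        } finally {
            Files.deleteIfExists(conf);
        }
    }
}
```

The sample file has no `other` entry, so a lookup under a name that is not in the file returns no modules instead of falling back to a default.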