|Summary:||principal replication problem in cluster|
|Product:||Tomcat 5||Reporter:||Dirk de Kok <dirk.dekok>|
|Component:||Catalina:Cluster||Assignee:||Tomcat Developers Mailing List <dev>|
Description Dirk de Kok 2005-08-17 11:32:45 UTC
when using clustering the Principal seems not to be replicated correctly It seems to be linked to the UserDatabaseRealm, using a o.a.c.users.MemoryUser principal instead of a GenericPrincipal see: http://email@example.com/msg74250.html
Comment 1 Peter Rossbach 2005-08-17 12:46:28 UTC
Now the UserDatabaseRealm also create GenericPrincipal class and at my test cases with basic login config at web.xml it works. OK, the set userPrincipal from GenericPrincipal are not transfered and this can be a problem. Please, can you checkout the last tomcat cvs head and test the fix? Thanks Peter
Comment 2 Dirk de Kok 2005-08-18 18:09:04 UTC
I tested it with the MemoryRealm settings using tomcat-users.xml for data of users, and the fix works. This with FORM authentication. however, we would like to use our custom JAAS login module. For this we programmed a module, and added 2 Principals to the config for user and role. These classes extend java.security.Principal. And this does not work yet. I think it has to do with the method createPrincipal(String username, Subject subject) in org.apache.catalina.realm.JAASRealm. All the other real implementations deal with GenericPrincipal, while here java.security.Principal is used.
Comment 3 Peter Rossbach 2005-08-22 11:21:37 UTC
Hmm, the JAASRealm.createPrincipal return a GenericPrincipal s. L.509 // Return the resulting Principal for our authenticated user return new GenericPrincipal(this, username, null, roles, userPrincipal); Can you better discribe your failure szenario?
Comment 4 Dirk de Kok 2005-08-22 11:52:06 UTC
it seems I was looking at (and using) the 5.5.9 stable source code, not the 5.5.10 HEAD. You are correct, this looks better. Let me do a new CVS checkout, build and test this was my error message: 107 55946 ERROR session.DeltaRequest - DeltaManager only support GenericPrincipal. Your realm used principal class com.lostboys.playground.common.security.UserPrincipal. and our UserPrincipal extends java.security.Principal (In reply to comment #3) > Hmm, > the JAASRealm.createPrincipal return a GenericPrincipal > s. L.509 > // Return the resulting Principal for our authenticated user > return new GenericPrincipal(this, username, null, roles, userPrincipal); > Can you better discribe your failure szenario?
Comment 5 Peter Rossbach 2005-10-20 08:41:35 UTC
*** Bug 34647 has been marked as a duplicate of this bug. ***
Comment 6 Peter Rossbach 2005-10-20 08:45:14 UTC
Currently we don´t support serialization from custom principals! I hope we can suppport this in a future release. Many thanx for your help Peter