Bug 52846 - Programmatic login using UserDatabaseRealm returns 403 error.
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
Version: trunk
Hardware: All All
Importance: P2 minor
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Reported: 2012-03-07 08:40 UTC by Keiichi Fujino
Modified: 2012-03-07 09:25 UTC

Attachments
patch against 7.0 trunk (724 bytes, text/plain)
2012-03-07 08:46 UTC, Keiichi Fujino
Description Keiichi Fujino 2012-03-07 08:40:46 UTC
IMHO, HttpServletRequest#login does not need to define a <login-config>.
NonLoginAuthenticator is used when <login-config> is not specified in HttpServletRequest#login.

When UserDatabaseRealm is used, not GenericPrincipal but MemoryUser is set to a session.
In AuthenticatorBase#invoke, the principal registered into a session is set to a request.
Because MemoryUser is set to a request as principal, RealmBase#hasRole always returns false.
As a result, a 403 error is returned.
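
The failure described above, as an added example that is not part of the original report and is not Tomcat code: a simplified model in which the role check only understands the container's wrapper principal and fails closed for any other type, so a session that cached the unwrapped user object yields 403 for a user who does hold the role. All class and method names (`ModelUser`, `ModelGenericPrincipal`, `statusFor`), the `instanceof` check, and the sample account are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.*;

public class PrincipalTypeMismatchDemo {

    // Stand-in for the user object a user-database realm keeps (hypothetical model class).
    static final class ModelUser implements Principal {
        final String name;
        final Set<String> roles;
        ModelUser(String name, String... roles) {
            this.name = name;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
        public String getName() { return name; }
    }

    // Stand-in for the container's own principal type, which wraps the realm's user object.
    static final class ModelGenericPrincipal implements Principal {
        final ModelUser user;
        ModelGenericPrincipal(ModelUser user) { this.user = user; }
        public String getName() { return user.getName(); }
    }

    // Role check that only understands the wrapper type; any other principal type fails closed.
    static boolean hasRole(Principal p, String role) {
        if (!(p instanceof ModelGenericPrincipal)) {
            return false;
        }
        return ((ModelGenericPrincipal) p).user.roles.contains(role);
    }

    // Models a later request: the principal is restored from the session, then the role is checked.
    static int statusFor(Map<String, Principal> session, String requiredRole) {
        Principal p = session.get("principal");
        if (p == null) return 401;
        return hasRole(p, requiredRole) ? 200 : 403;
    }

    public static void main(String[] args) {
        ModelUser user = new ModelUser("alice", "admin"); // constructed sample account
        ModelGenericPrincipal authenticated = new ModelGenericPrincipal(user);
        Map<String, Principal> unwrapped = new HashMap<>();
        unwrapped.put("principal", authenticated.user); // session caches the realm's user object
        Map<String, Principal> wrapped = new HashMap<>();
        wrapped.put("principal", authenticated);        // session caches the wrapper principal
        System.out.println("user object in session: " + statusFor(unwrapped, "admin"));
        System.out.println("wrapper in session:     " + statusFor(wrapped, "admin"));
    }
}
```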
Comment 1 Keiichi Fujino 2012-03-07 08:46:26 UTC
Created attachment 28427
patch against 7.0 trunk
Comment 2 Keiichi Fujino 2012-03-07 09:25:24 UTC
Fixed in 7.0.x and will be in 7.0.27 onwards.