Bug 52846 - Programmatic login using UserDatabaseRealm returns 403 error.
Programmatic login using UserDatabaseRealm returns 403 error.
Status: RESOLVED FIXED
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
trunk
All All
: P2 minor (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2012-03-07 08:40 UTC by Keiichi Fujino
Modified: 2012-03-07 09:25 UTC (History)
0 users



Attachments
patch against 7.0 trunk (724 bytes, text/plain)
2012-03-07 08:46 UTC, Keiichi Fujino
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Keiichi Fujino 2012-03-07 08:40:46 UTC
IMHO,HttpServletRequest#login does not need to define a <login-config>.
NonLoginAuthenticator is used when <login-config> is not specified in HttpServletRequest#login. 

When UserDatabaseRealm is used, not GenericPrincipal but Memory User is set to a session.
In AuthenticatorBase#invoke, principal registered into a session is set to a request. 
Because MemoryUser is set to a request as principal, RealmBase#hasRole always returns false. 
As a result, 403 error is returned.
Comment 1 Keiichi Fujino 2012-03-07 08:46:26 UTC
Created attachment 28427 [details]
patch against 7.0 trunk
Comment 2 Keiichi Fujino 2012-03-07 09:25:24 UTC
Fixed in 7.0.x and will be in 7.0.27 onwards.