Bug 52846 - Programmatic login using UserDatabaseRealm returns 403 error.
Summary: Programmatic login using UserDatabaseRealm returns 403 error.
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina (show other bugs)
Version: trunk
Hardware: All All
: P2 minor (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2012-03-07 08:40 UTC by Keiichi Fujino
Modified: 2012-03-07 09:25 UTC (History)
0 users

patch against 7.0 trunk (724 bytes, text/plain)
2012-03-07 08:46 UTC, Keiichi Fujino

Note You need to log in before you can comment on or make changes to this bug.
Description Keiichi Fujino 2012-03-07 08:40:46 UTC
IMHO,HttpServletRequest#login does not need to define a <login-config>.
NonLoginAuthenticator is used when <login-config> is not specified in HttpServletRequest#login. 

When UserDatabaseRealm is used, not GenericPrincipal but Memory User is set to a session.
In AuthenticatorBase#invoke, principal registered into a session is set to a request. 
Because MemoryUser is set to a request as principal, RealmBase#hasRole always returns false. 
As a result, 403 error is returned.
Comment 1 Keiichi Fujino 2012-03-07 08:46:26 UTC
Created attachment 28427 [details]
patch against 7.0 trunk
Comment 2 Keiichi Fujino 2012-03-07 09:25:24 UTC
Fixed in 7.0.x and will be in 7.0.27 onwards.