I am trying to create a custom realm in Tomcat. My problem is that there is a SessionAttributeListener as part of the framework which checks to see if any object added to the session is serializable, and if it isn't it causes problems... like invalidating the session.

Because org.apache.catalina.realm.GenericPrincipal is not serializable, I tried to write my own class that implements Principal and Serializable. This seems to be fine, except if I then try to use

request.isUserInRole("user")

I get false for that, and any other role which the user should have. If I swap out GenericPrincipal for CustomPrincipal in my Valve class it returns true. So my question is:

  1. What is causing the false return?
  2. How do I use my own class instead of GenericPrincipal?
  3. Can I even do this?

Edit: Just to be clear, I actually already implemented this. The code in CustomPrincipal is exactly the same as GenericPrincipal, except it also implements Serializable. request.isUserInRole("user") returns false when in my Valve I have:

request.setUserPrincipal(new CustomPrincipal(args...));

but not when I do

request.setUserPrincipal(new GenericPrincipal(args...));

Any call to request.getUserPrincipal() will return CustomPrincipal when I am using that class.

+1  A: 

You need to give us more context. But notice that Principal is intended to be abstract anyway; KerberosPrincipal, for example, implements both Principal and Serializable, so there is some way to do it.

What isUserInRole does is wrap a request to the implementing class to see if the user -- identified by the Principal -- is really in that role. So I think the first thing might be to call getUserPrincipal and see what the servlet thinks the current Principal is.

Charlie Martin
A: 

Your CustomPrincipal class must extend GenericPrincipal, because RealmBase.hasRole checks that the java.security.Principal is of type GenericPrincipal. Here is that part of the source code:

public boolean hasRole(Principal principal, String role) {

    if ((principal == null) || (role == null) ||
        !(principal instanceof GenericPrincipal))
        return (false);

    ...
}

If you do not want to extend GenericPrincipal, you must overload this method.

i5arck
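
The type check quoted in the answer above, as an added example (not from the original posts and not Tomcat's source). The nested GenericPrincipal and RealmBase are simplified stand-ins so it runs without Tomcat on the classpath; the role lookup after the guard, StandalonePrincipal and CustomRealm are assumptions.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.List;

public class PrincipalRoleCheckDemo {
    // Simplified stand-in for org.apache.catalina.realm.GenericPrincipal (not Tomcat's code).
    static class GenericPrincipal implements Principal {
        private final String name;
        private final List<String> roles;
        GenericPrincipal(String name, List<String> roles) { this.name = name; this.roles = roles; }
        @Override public String getName() { return name; }
        boolean hasRole(String role) { return roles.contains(role); }
    }
    // Same data as GenericPrincipal but an unrelated type, as in the question.
    static class StandalonePrincipal implements Principal, Serializable {
        private final String name;
        private final List<String> roles;
        StandalonePrincipal(String name, List<String> roles) { this.name = name; this.roles = roles; }
        @Override public String getName() { return name; }
        boolean hasRole(String role) { return roles.contains(role); }
    }
    // First option from the answer: extend GenericPrincipal so the guard accepts it.
    static class CustomPrincipal extends GenericPrincipal implements Serializable {
        CustomPrincipal(String name, List<String> roles) { super(name, roles); }
    }
    // Stand-in realm with the guard quoted in the answer; the lookup after it is assumed.
    static class RealmBase {
        public boolean hasRole(Principal principal, String role) {
            if (principal == null || role == null || !(principal instanceof GenericPrincipal)) return false;
            return ((GenericPrincipal) principal).hasRole(role);
        }
    }

    // Second option: a realm whose hasRole also understands StandalonePrincipal.
    static class CustomRealm extends RealmBase {
        @Override public boolean hasRole(Principal principal, String role) {
            if (role != null && principal instanceof StandalonePrincipal)
                return ((StandalonePrincipal) principal).hasRole(role);
            return super.hasRole(principal, role);
        }
    }
    public static void main(String[] args) {
        List<String> roles = List.of("user"); // constructed sample data
        Principal standalone = new StandalonePrincipal("alice", roles);
        System.out.println("stock realm, standalone:  " + new RealmBase().hasRole(standalone, "user"));
        System.out.println("stock realm, subclass:    " + new RealmBase().hasRole(new CustomPrincipal("alice", roles), "user"));
        System.out.println("custom realm, standalone: " + new CustomRealm().hasRole(standalone, "user"));
    }
}
```

Java serialization only restores fields declared in Serializable classes, so a Serializable subclass of a non-serializable parent has to save and restore the name and roles itself.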