Roles don't make it into Tomcat when using Windows
javajedi Jun 9, 2005 12:27 PMJBoss 4.0.1
This is really bizarre. We've been using JAAS authentication with a variety of login modules for quite a while. Everything works fine under Linux. We have a new web app that needs to run on Windows. When we deploy the app on JBoss under Windows, the users can authenticate fine in Tomcat, but Tomcat loses all of the user's roles. I've tried this with a variety of login modules and a variety of web authentication methods (form, basic, etc.) Nothing works under Windows. It all works great under Linux. Any idea what's going on?? I turned on trace and debug and here's the relevant snippets of log messages when using the UsersRolesLoginModule and form-based authentication:
Linux:
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session 'DFB505752D102F5142A3FA3F1E31425A'
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'blah' with type 'FORM'
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[blah(user,)]
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.realm.RealmBase] Username blah has role user
2005-06-09 12:03:55,997 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints
Windows:
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session 'DA6B324054950D0C421CBAFC48061A1D'^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'blah' with type 'FORM'^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[blah()]^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.realm.RealmBase] Username blah does NOT have role user^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.realm.RealmBase] No role found: user^M
2005-06-09 11:34:26,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed accessControl() test^M
Notice that the GenericPrincipal that the RealmBase is checking on Linux looks like blah(user,) and the one on Windows looks like blah(). The "user" role is just vanishing on Windows.
These 2 systems are using the EXACT same JBoss installation, server config, and war file. The only difference is the OS. I'm about to start digging into the source code but thought I'd post a plea for help here first.