0 Replies Latest reply on Jun 1, 2003 8:16 AM by geoff.hill

    Tomcat security not working in 3.2.2 from CVS

    geoff.hill Newbie

      If I'm not mistaken (and its quite possible that I am) the tomcat integration is broken in the CVS checkout at the moment.

      I have a simple webapp with some security constraints over some static content, configured up to use UsersRolesLoginModule. With the 3.2.1/TC4.1.24 release it works fine, but when I use the version I build from CVS (exact same configuration) it always fails.

      Further investigation revealed that JBossSecurityMgrRealm.authenticate is called with the wrong context ClassLoader - it has a Unified class loader instead of the webapp one (java.net.FactoryURLClassLoader) which was used by AbstractWebContainer to link the SecurityManager.

      This results in java:comp being empty (which I assume will stop EJB references and a bunch of other things from working, not just security).

      Is this just a transitional thing? Should I just use the release bundle for now? Can anyone tell me where to look to fix it? ...