Hello,
finally I've found out why the JACC is not invoked for the simple servlet demo
application! First problem is that I need to mark the resource in web.xml as protected (or
use delegation to JACC for unprotected resources feature) and the second is as I think a
possible bug in JaccAuthorizationRealm.java in a package org.jboss.web.tomcat.security
The problem is that the class' CTOR contains:
| public JaccAuthorizationRealm()
| {
| policy = Policy.getPolicy();
| trace = log.isTraceEnabled();
| }
|
the problem is with policy variable. It's initialized at the construction time, but if
the JACC is not loaded yet, then the result is that policy contains reference to standard
java.security.Policy instance. When I've changed the code to replace all `policy.'
with `Policy.getPolicy().' in the class, then the code starts calling my JACC well
(after it's initialization of course).
Question is: is there any way how to prioritize initialization of JACC over the
initialization of builtin tomcat? If no, then the JaccAuthorizationRealm class should be
fixed probably.
What do you think?
Thanks,
Karel
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4209626#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...