Menu

SecurityFilter & Catalina Realm (JDBC & JNDI)

Open Discussion
Ivan Latysh
2005-12-12
2013-04-15

  • Ivan Latysh

    Ivan Latysh - 2005-12-12

    I was unable to use current SecurityFilter implementation with catalina DataSourceRealm. The problem arise because SecurityFilter does instantiate realm on it's own. So only container independant realm can be used, and DataSourceRealm that depends on Catalina Naming and container itself could not be used.

    I am proposing to make the changed to allow container dependant Realm to be used with SecurityFilter.

    The simpliest way is to decouple SecurityFilter from configuration and allow to have a container dependant adapter that will take care of configuring SecurityFilter, this way we preserve existing users who use SecurityFilter configuration file, and accomodate more integration scenario.

    Also it will address issue of SSO solution with Security filter.

    2Max: Please comment on this, would be nice to see your point of view.

     

    • Christopher Schultz

      Christopher Schultz - 2006-02-14

      I had the same problem with DataSourceRealm.

      See this forum post:
      http://sourceforge.net/forum/forum.php?thread_id=1406252&forum_id=200425

       

    • Frédéric Camblor

      Frédéric Camblor - 2007-05-21

      I'd like to "up" this thread since I encountered the same problematic.

      Firstly, my config : Tomcat 5.5 and JDK 1.5, Security Filter 2.0.

      When I declare my "Realm container" with the CatalinaRealmAdapter, and use some catalina Realm (such as MemoryRealm, DataSourceRealm, JNDIRealm etc...), I encounter a NullPointerException to org.apache.catalina.realm.RealmBase.init(RealmBase.java:1330) ... namely (looking at tomcat's source code) when the RealmBase call the method getLogger() on its "container" (it implies that the catalina's Realm container (the CatalinaRealmAdapter) has not been set :)

      When looking forward at the RealmBase's source code, we can see :
              this.containerLog = container.getLogger(); // The error is thrown here ...
              if( initialized && container != null ) return;
             
              initialized=true;
              if( container== null ) {
              // ... blablabla

      => So, we could infers that object "container" may be "null", (looking at the container==null test), nevertheless, getLogger() is called each time (even when it's null) .. hahem ;)

      I submitted the bug to the apache tomcat bug tracker :)

       

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.