Re: [securityfilter-user] Security Filter and Tomcat 7
Brought to you by:
chris_schultz,
maxcooper
Menu
▾
▴
Re: [securityfilter-user] Security Filter and Tomcat 7
|
From: Christopher S. <ch...@ch...> - 2011-09-29 20:09:05
|
Matt, On 9/1/2011 7:17 PM, Matthew Hixson wrote: > I am trying to get our webapp working with Tomcat 7 and am finding > that Security Filter is failing because it is compiled against an > older servlet spec. The servlet spec is backward-compatible, so that's not the issue. > Has Security Filter been obsoleted by Tomcat's > <security-constraint> support? <security-constraint> has been a part of the spec (it's not Tomcat-specific) since the beginning. No spec changes have altered the capabilities of securityfilter. > Sep 01 15:58:25 INFO thr:14 u:- c:org.apache.jsp.e_jsp m:_jspService --- IN E.JSP --- > java.lang.NoSuchMethodError: org.apache.catalina.Realm.hasRole(Ljava/security/Principal;Ljava/lang/String;)Z > at org.securityfilter.realm.catalina.CatalinaRealmAdapter.isUserInRole(CatalinaRealmAdapter.java:108) Tomcat's internal classes have changed. The CatalinaRealmAdapter was built originally for a Tomcat 4/5 integration and, unfortunately, over time it has diverged more and more from what sf expects and can use. One solution is to provide "adapter" classes for all versions of Tomcat (and WebLogic, and Jetty, and...). Another solution is to implement your own Realm yourself. That's what I have done: I have a DataSourceRealm built using some of Tomcat's code as a basis, but doesn't reference any of Tomcat's classes, etc. This code runs happily on versions of Tomcat going from 4.3 through the latest 7.0 (I know because I've been using sf in this way through all those versions... actually skipped 5.0 to don't take my word for it). I've been asked for my DataSourceRealm implementation a few times, so maybe it's time to put it into CVS. You can download it here at the bottom of the page: http://www.christopherschultz.net/projects/java/ -chris |
