Here is the problem:
The JAAS realm connects to the database perfectly, the username and password match, and the session is authenticated. HOWEVER, none of the roles seem to fall into the Principal. Tomcat's isUserInRole returns false for each role, and Tomcat's protection also does not see them.
Here is the scope configuration in Server.xml:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="TomcatTimedLogin"
           userClassName="com.tagish.auth.TypedPrincipal"
           roleClassNames="org.ovasp.java.jaas.RolePrincipal" />

Here is the login.config file:

    TomcatTimedLogin
    {
        org.owasp.java.jaas.TomcatTimedLogin required
        useDS=true
        dsJNDI="jdbc/resourceName"
        dbDriver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
        dbURL="jdbc:sqlserver://server\\DBSERVER;databaseName=DBName"
        dbUser="username"
        dbPassword="password"
        debug=true
        loginTable="loginTable"
        clippingLevel="3"
        interval="10"
        loginQuery="SELECT UserID,Password FROM Users WHERE LogonUserName=? AND RetirementDate is null"
        rolesQuery="SELECT Role.RoleDescription FROM User_Role,Role WHERE User_Role.UserID=? AND User_Role.RoleID=Role.RoleID";
    };

And in catalina.properties I refer to a configuration similar to this:

    java.security.auth.login.config=file:///C:/config/login.config

When I start the application, I get the following message in the debug output. I am not sure why, since all classes must be accessible by the server:

    SEVERE: Class org.ovasp.java.jaas.RolePrincipal not found! Class not added.

Any help would be greatly appreciated. I have already read post after post and textbook after textbook, and those who have this problem do not have a published solution.
Btw: Tomcat 5.5; OWASP (OWASPJaasLoginModule.jar); jar in server/lib.
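
The SEVERE line above means Tomcat could not load the class named in roleClassNames, and JAASRealm only treats a principal as a role when its class is in that list. The following check is an added example, not part of the original post or of the OWASP module: it compares the principal class names on the Realm element with the classes actually present in a set of jars and suggests the nearest name for each miss. The jar contents are constructed for the demonstration, and the helper names are hypothetical.

```python
import difflib
import io
import xml.etree.ElementTree as ET
import zipfile

# Realm element as posted above.
REALM = '''<Realm className="org.apache.catalina.realm.JAASRealm"
appName="TomcatTimedLogin"
userClassName="com.tagish.auth.TypedPrincipal"
roleClassNames="org.ovasp.java.jaas.RolePrincipal" />'''

def realm_classes(realm_xml):
    """Principal class names the Realm element asks Tomcat to load."""
    realm = ET.fromstring(realm_xml)
    names = []
    # Tomcat's attribute is userClassNames; the post spells it userClassName.
    for attr in ("userClassName", "userClassNames", "roleClassNames"):
        names += [n.strip() for n in realm.get(attr, "").split(",") if n.strip()]
    return names

def jar_classes(jar):
    """Fully qualified class names inside one jar (path or file object)."""
    with zipfile.ZipFile(jar) as zf:
        return {n[:-6].replace("/", ".") for n in zf.namelist() if n.endswith(".class")}

def check_realm(realm_xml, jars):
    """Map each configured class to 'ok' or 'missing' plus the closest real name."""
    available = set()
    for jar in jars:
        available |= jar_classes(jar)
    report = {}
    for name in realm_classes(realm_xml):
        if name in available:
            report[name] = "ok"
            continue
        near = difflib.get_close_matches(name, sorted(available), n=1, cutoff=0.8)
        report[name] = "missing" + (f", closest: {near[0]}" if near else "")
    return report

def constructed_jar(class_names):
    """Build an in-memory jar with empty class entries (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in class_names:
            zf.writestr(name.replace(".", "/") + ".class", b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    jar = constructed_jar(["org.owasp.java.jaas.RolePrincipal",
                           "com.tagish.auth.TypedPrincipal"])
    for cls, status in check_realm(REALM, [jar]).items():
        print(f"{cls}: {status}")
```

Against a real installation, pass the paths of the jars in the directory Tomcat loads the login module from instead of the constructed jar.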