Issue 15: Can't log in to new installation
Status:  Verified
Owner:  p.kruijsen
Closed:  Sep 02
Type-Defect
Priority-Medium
Component-Accessctl
Release5.0.1


Reported by larsga, Jun 18, 2009
Hi there, I can't login to my new OKS 4.0.5 installation.
This is my configuration:

$ java -version
java version "1.6.0_13"
Java(TM) SE Runtime Environment (build 1.6.0_13-b03)
Java HotSpot(TM) 64-Bit Server VM (build 11.3-b02, mixed mode)

$ echo $CLASSPATH
.:/home/ontopia/webdir/oks-enterprise-4.0.5/lib/oks-enterprise.jar:/home/ontopia/webdir/oks-enterprise-4.0.5/apache-tomcat/common/lib/servlet-api.jar:/home/ontopia/webdir/oks-enterprise-4.0.5/apache-tomcat/common/lib/jsp-api.jar:/home/ontopia/webdir/oks-enterprise-4.0.5/apache-tomcat/common/lib/standard.jar:/home/ontopia/webdir/oks-enterprise-4.0.5/apache-tomcat/common/lib/jstl.jar:/home/ontopia/webdir/oks-enterprise-4.0.5/apache-tomcat/server/lib/oks-realm.jar

This was initialized in .bashrc.
All files referred to in the CLASSPATH do actually exist.

changed webapps/omnigator/WEB-INF/topicmaps/userman.ltm
added:

[bock : user = "Benjamin Bock"]
{bock, username, [[bock]]}
{bock, password, [[okgoohno]]}
plays-role(bock : user, gold-users : role)
plays-role(bock : user, ontopoly-users : role)

(neither bock nor johndoe worked)

also changed "users" to "gold-users" in webapps/accessctl/WEB-INF/web.xml, 
neither user nor gold-users worked for bock nor johndoe

    <auth-constraint>
      <role-name>gold-users</role-name>
    </auth-constraint>
and
  <security-role>
    <role-name>gold-users</role-name>
  </security-role>


The Stacktrace from logs/tomcat.log:
WARN 2009-05-23 13:44:46,315 realm.JAASRealm - Login exception authenticating username "bock"
 javax.security.auth.login.LoginException: unable to find LoginModule class: net.ontopia.topicmaps.nav2.realm.TMLoginModule
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:366)
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:619)
Comment 1 by bnjmnbck, Jun 18, 2009
LMG wrote (per Mail):
[...] Are you sure you want to use the topic map to store user information, though?
You can use any authentication module you want to. Ontopia doesn't require you to use
this particular one. 

---

Which is the preferred way to do authentication with Ontopia? It would be nice if some
way of authentication worked out of the box.
Comment 2 by larsga, Jun 18, 2009
There is no preference. Usually, customers have their own requirements (like Windows 
Domains or whatever), and so we've gone with that. The Topic Maps realm has been 
used for some customers who don't have anything pre-existing.

I agree that this realm *should* work out of the box. So this is a bug that needs to 
be fixed. However, we can't do it right now, because we're working on getting the 
project set up. In cases like that I always try to propose a workaround for the user 
in the meantime. In your case, the workaround is to use some other authentication 
method. :)

But we *will* fix this.
Comment 3 by qsiebers, Jul 07, 2009
The TM-realm used to be the default out of the box, provided in the oks-realm.jar
located in the apache-tomcat/server/lib directory. A quick fix that helped me out was
copying the jar from an older OKS version. 
Comment 4 by indiapaleale, Jul 07, 2009
From what I can see the ontopia-realm.jar is part of the new Ontopia 5.0.0b2 
release: ontopia-5.0.0b2/apache-tomcat/server/lib/ontopia-realm.jar
Comment 5 by larsga, Jul 08, 2009
Does this problem persist in Ontopia 5.0.0?
Comment 6 by larsga, Jul 27, 2009
Just tried it myself, and, yes, the problem persists.

The same error message appears in the logs: 
javax.security.auth.login.LoginException: unable to find LoginModule class: net.ontopia.topicmaps.nav2.realm.TMLoginModule
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)

server/lib does contain the ontopia-realm.jar, and that does contain the 
net.ontopia.topicmaps.nav2.realm.TMLoginModule class.

Not sure how to approach this, but it clearly is a bug, and the old fix clearly no 
longer works.
Status: Accepted
Comment 7 by larsga, Aug 17, 2009
A user reports the following showing up in the logs on startup:

ERROR 2009-08-13 07:09:48,462 realm.JAASRealm - Class net.ontopia.topicmaps.nav2.realm.UserPrincipal not found! Class not added.
ERROR 2009-08-13 07:09:48,463 realm.JAASRealm - Class net.ontopia.topicmaps.nav2.realm.RolePrincipal not found! Class not added.

This might be the real cause of the problem. Need to investigate further.
Comment 8 by larsga, Aug 18, 2009
Investigated these classes, but they are in the .jar and everything seems fine.

Tried googling possible causes, but came up empty-handed.

It may be that we have to post to one of the Tomcat mailing lists to see if we can 
get some help.
Comment 9 by p.kruijsen, Sep 02, 2009
I ran into the same problem. An extra clue might be that I included a handmade jar into the server/lib directory 
that used to work in earlier versions (tried up to 3.4.4), but fails in 5.0.0. It could be that JAASRealm no longer 
searches the server/lib directory when looking for classes. Seems like a Tomcat issue indeed. 

I confirm the message in comment 7 from a clean version 5.0.0 install. The message is generated while reading 
the conf/server.xml file.
Comment 10 by p.kruijsen, Sep 02, 2009
We've tracked this issue down to a difference in server/lib/catalina-optional.jar which contains 
org.apache.catalina.realm.JAASRealm. Google showed me that changes in that class seem to impact 
useContextClassLoader. Reverting to an earlier catalina-optional.jar solved this issue for us for now. We'll keep 
searching for a more elegant solution.
Comment 11 by larsga, Sep 02, 2009
Great to finally see some progress on this issue. Even if this isn't the ideal fix, 
at least it gives some indication of what's wrong.

I'm transferring the issue to you, since you're the only one working actively on it 
right now.

Great if you can solve this. If you can do so quickly enough we can get the fix into 
5.0.1. Otherwise it'll wait for 5.0.2.
Owner: p.kruijsen
Comment 12 by p.kruijsen, Sep 02, 2009
It is indeed the useContextClassLoader setting that causes this issue. Documentation is at the bottom of {ontopia}/webapps/tomcat-docs/config/realm.html. The 
default value 'true' turned out to cause a bug in Catalina, reported in https://issues.apache.org/bugzilla/show_bug.cgi?id=44084. Its fix in Tomcat 5.5.26 caused 
our issue from OKS 4.0.3 onwards.

Resolution is to add the attribute useContextClassLoader="false" in every "Realm" element with className="org.apache.catalina.realm.JAASRealm" in 
conf/server.xml. I've added the attribute in ontopia/ontopia/src/dist/tomcat/server.xml for the accessctl webapp in revision 459.
Status: Fixed
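
A check that follows from the resolution in comment 12, as an added example that is not part of the thread or of the Ontopia code base: it parses a server.xml and lists every JAASRealm element whose useContextClassLoader is not "false". The sample document, its appName value and its Context paths are constructed; the principal class names are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET

JAAS_REALM = "org.apache.catalina.realm.JAASRealm"

# Constructed sample, not the project's actual server.xml: appName and the
# Context layout are assumptions; the class names are those quoted in the thread.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/accessctl">
          <Realm className="org.apache.catalina.realm.JAASRealm"
                 appName="example-app"
                 userClassNames="net.ontopia.topicmaps.nav2.realm.UserPrincipal"
                 roleClassNames="net.ontopia.topicmaps.nav2.realm.RolePrincipal"/>
        </Context>
        <Context path="/fixed">
          <Realm className="org.apache.catalina.realm.JAASRealm"
                 appName="example-app" useContextClassLoader="false"/>
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
"""

def audit_jaas_realms(xml_text):
    """Return (parent, appName, reason) for each JAASRealm lacking the fix."""
    root = ET.fromstring(xml_text)
    findings = []
    # ElementTree has no parent pointers, so walk parents and inspect children.
    for parent in root.iter():
        for realm in parent.findall("Realm"):
            if realm.get("className") != JAAS_REALM:
                continue
            value = realm.get("useContextClassLoader")
            if value is None:
                reason = "attribute missing (defaults to true)"
            elif value.strip().lower() != "false":
                reason = "set to %r" % value
            else:
                continue
            where = parent.tag + (parent.get("path") or "")
            findings.append((where, realm.get("appName"), reason))
    return findings

if __name__ == "__main__":
    for where, app, reason in audit_jaas_realms(SAMPLE_SERVER_XML):
        print("%s: JAASRealm appName=%s: useContextClassLoader %s" % (where, app, reason))
```

Running it against a real conf/server.xml means reading that file and passing its text to audit_jaas_realms; an empty result means every JAASRealm carries the attribute.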
Comment 13 by larsga, Sep 03, 2009
Verified that the fix worked. Excellent work! :)
Status: Verified
Labels: Release5.0.1