tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ari Suutari <>
Subject Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)
Date Tue, 21 Jan 2003 09:36:21 GMT

> Security roles in web.xml do not work with IIS

	Btw, I guess that it is impossible to use roles
	when one has apache as front end also.

> ------- Additional Comments From  2003-01-20 15:18 -------
> The idea was to use NT UserGroups as Roles, but never reached to
> conclusion, that is to read that Info gathered from Native-NT at Java Land
> ( they are transmited to tomcat over the wire but tomcat doenst get them
> from the AJP13 packet), and use them as roles...

	I already wrote a Jk2Realm, which was supposed to check that
	if request role is one of the groups transmitted from native side
	(the groups are in
	but then I noticed that servlet request is not available in Realm.hasRole.

	So, maybe the right approach would be to add role information
	into CoyotePrincipal and just check against that in my Jk2Realm ?

	Also, to make my Jk2Realm to work I had to modify mbeans-descriptors.xml
	under catalina - which didn't feel right because the Jk2Realm 
	kind of belongs to jakarta-connectors, doesn't it ?

	I'm willing to make this work but as you can see, I need some
	ideas how to proceeed.

		Ari Suutari / Syncron Tech Oy
		Lappeenranta, Finland


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message