tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ari Suutari <ari.suut...@syncrontech.com>
Subject Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)
Date Tue, 21 Jan 2003 09:36:21 GMT
Hi,

>
> Security roles in web.xml do not work with IIS

	Btw, I guess that it is impossible to use roles
	when one has apache as front end also.

> ------- Additional Comments From nacho@apache.org  2003-01-20 15:18 -------
> The idea was to use NT UserGroups as Roles, but never reached to
> conclusion, that is to read that Info gathered from Native-NT at Java Land
> ( they are transmited to tomcat over the wire but tomcat doenst get them
> from the AJP13 packet), and use them as roles...

	I already wrote a Jk2Realm, which was supposed to check that
	if request role is one of the groups transmitted from native side
	(the groups are in
	 HttpServletRequest.getAttribute("org.apache.tomcat.jk.roles"))
	but then I noticed that servlet request is not available in Realm.hasRole.

	So, maybe the right approach would be to add role information
	into CoyotePrincipal and just check against that in my Jk2Realm ?

	Also, to make my Jk2Realm to work I had to modify mbeans-descriptors.xml
	under catalina - which didn't feel right because the Jk2Realm 
	kind of belongs to jakarta-connectors, doesn't it ?

	I'm willing to make this work but as you can see, I need some
	ideas how to proceeed.

		Ari Suutari / Syncron Tech Oy
		Lappeenranta, Finland

	

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message