tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Benussi" <mark_benu...@hotmail.com>
Subject RE: Is it even possible to retrieve a custom user principal? (Was: Tomcat user principal)
Date Mon, 17 Oct 2005 21:39:19 GMT
If you're implementing JAAS... no. No idea about the rest. Its not supported
in Tomcat (But should be). Stick it in the session, and then you have to
override the Tomcat HttpRequestProcessor (isUserInRole()) to get your
Principal out of the session and call the validation.

-----Original Message-----
From: Brad O'Hearne [mailto:brado@neurofire.com] 
Sent: 17 October 2005 22:25
To: Brad O'Hearne
Cc: Tomcat Users List
Subject: Is it even possible to retrieve a custom user principal? (Was:
Tomcat user principal)

Hello,

As this has become a bit of a roadblock in implementing security, I'd 
like to ask anyone out there two things:

1) Is it even possible to use a custom user princpal within a realm that 
is retrievable within a servlet (via presumably the request or 
otherwise) in Tomcat?

2) If the answer to #1 is yes, how is this done? Does anyone have a 
working code snippet that demonstrates this?

Thanks, I'm about to head to the developer list to ask this question, as 
its pretty crucial for our security implementation.

Brad

Brad O'Hearne wrote:

> Response below:
>
> Wendy Smoak wrote:
>
>> From: "Brad O'Hearne" <brado@neurofire.com>
>>
>>> I would have expected that designation of the user class name would 
>>> have resulted in my being returned the class I specified for the 
>>> user class name from the requestion.getUserPrincpal() method, but it 
>>> doesn't.
>>
>>
>>
>> What version of Tomcat are you using?  As far as I know, it works the 
>> way you want on 5.0.28.  I remember trying it with and without the 
>> class name, and writing that comment to remind myself.
>>
>> Could this be it?  
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=37044
>>
> I am using 5.0.28, and I'm not seeing the expected behavior. 
> Hmmm.....was there anything else that has to be done to be able to 
> access your own custom user principal?
>
> Brad
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message