tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From janbanan <>
Subject Security roles
Date Fri, 28 Sep 2007 07:14:32 GMT


I'm having some problems with security roles in tomcat 5.5. The actual
url-pattern based protection works fine so presumably the config is ok. But
when I programatically try to check if the user belongs to a role I run into

First the request.isUserInRole(String) method always returns false. After a
bit of searching I found that Tomcat has it's own implementation of the
Principal class, GenericPrincipal, which has the hasRole(String) method. 
Now it turns out I cannot retrieve the GenericPrincipal object from the
request (class not found exception). This I found out is because the class
file is not loaded in the scope of the webapp. The workaround is to copy the
catalina.jar to the WEB-INF/lib folder.

This seems very messy! I'd like to check with you guys is this really the
only way to check a users roles? Or am I doing something wrong?



View this message in context:
Sent from the Tomcat - User mailing list archive at

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message