tomcat-users mailing list archives

From "Payne, George (ghp5h)" <gh...@eservices.virginia.edu>
Subject RE: FW: JNDIRealm and roleNested
Date Wed, 05 Aug 2009 13:38:38 GMT
I have tested this and it does exactly what I'd hoped.  I tested it with tomcat 6.0.20 as described,
and I also, in vain and probably inadvisable hopes I could stick with my yum-updateable RHEL
5.3 tomcat5.5 version, tested it with 5.5 (under server/lib).  It didn't throw an exception
in 5.5, but it didn't appear to do a recursive search, either. But, as I said, it works exactly
as advertised in 6.0.20.

If anyone is interested in details, here is the realm I used (against a Domino LDAP server):


<Realm
   className="org.apache.catalina.realm.JNDIRealm"
   debug="99"
   connectionURL="ldap://myserver.law.virginia.edu:389"
   roleRecursionLimit="2"
   roleNested="true"
   roleBase=""
   roleSearch="(member={0})"
   roleSubtree="false"
   roleName="cn"
   userBase=""
   userSearch="(uid={0})"
   userSubtree="false"
   allRolesMode="authOnly"
/>


Results from my test jsp showing Principal.toString() and isUserInRole for a few roles.  Jqp1a
is in 2009jd which is nested in the "Students" group.

Old version of JNDIRealm:

userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Test Students,)]
user: jqp1a
isInStudents: false
isInFaculty: false
isInStaff: false
isIn2009JD: true
Logout

New Version

userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Students,Test Students,)]
user: jqp1a
isInStudents: true
isInFaculty: false
isInStaff: false
isIn2009JD: true
Logout

George Payne

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Monday, August 03, 2009 12:36 PM
To: Tomcat Users List
Subject: Re: FW: JNDIRealm and roleNested

Mark Thomas wrote:
> 
>> ------- Original Message -------
>> From: "Payne, George (ghp5h)" <ghp5h@eservices.virginia.edu>
> 
>> I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it.
> 
> If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch.

George replied off-list that he would be willing to test this. So for
George and anyone else that wants to test this you'll need to do the
following.

1. Understand that this is development code, made available for testing
purposes. In no way should this be construed to be any form of ASF release.

2. Download and install Tomcat 6.0.20.

3. Create the following directory structure under CATALINA_HOME/lib:
org/apache/catalina/realm

4. Download this file:
http://people.apache.org/~markt/dev/JNDIRealm.class
and place it in the CATALINA_HOME/lib/org/apache/catalina/realm
directory you just created.

5. Re-read point 1 :)

6. Configure your JNDI realm as normal. There are some extra options.
Read through the code:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162
to see what they are.

6. Start Tomcat

7. Let us know how you get on.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
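
Added example (not part of the original thread, and not Tomcat's JNDIRealm code): a small Python model of the direct versus nested role lookup that the "Old version" and "New Version" results above show, using the memberships from that output. The `Community` group, the cycle through it, and the reading of the recursion limit as a count of nesting levels are assumptions made for the illustration.

```python
# Illustrative model of nested-role resolution; not Tomcat's JNDIRealm code.
# Group -> members (users or other groups). The jqp1a memberships and the
# 2009JD-in-Students nesting come from the post; "Community" and the cycle
# through it are constructed for this example.
DIRECTORY = {
    "2000JD": {"jqp1a"},
    "2007JDPHD": {"jqp1a"},
    "2009JD": {"jqp1a", "Community"},   # constructed back-edge (cycle)
    "Phoneathon": {"jqp1a"},
    "Test Students": {"jqp1a"},
    "Students": {"2009JD"},
    "Community": {"Students"},          # constructed
    "Faculty": set(),
    "Staff": set(),
}


def groups_containing(directory, member):
    """Stand-in for one roleSearch "(member={0})" query for a single entry."""
    return {name for name, members in directory.items() if member in members}


def resolve_roles(directory, user, role_nested=False, recursion_limit=0):
    """Return the effective role set for user.

    Assumption: recursion_limit is the number of nesting levels followed
    above the user's direct groups.
    """
    roles = groups_containing(directory, user)
    if not role_nested:
        return roles
    frontier = set(roles)
    for _ in range(recursion_limit):
        found = set()
        for group in frontier:
            found |= groups_containing(directory, group)
        frontier = found - roles      # only groups not seen yet: breaks cycles
        if not frontier:
            break
        roles |= frontier
    return roles


def is_user_in_role(directory, user, role, **kwargs):
    return role in resolve_roles(directory, user, **kwargs)


if __name__ == "__main__":
    for nested in (False, True):
        roles = resolve_roles(DIRECTORY, "jqp1a", nested, recursion_limit=1)
        print("nested" if nested else "direct", sorted(roles))
```

Nested resolution widens the effective role set, so security constraints written against parent groups such as Students start matching users who previously failed isUserInRole; review those constraints before enabling it.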



