tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tanglin, Oliver" <OLIVER.TANG...@saic.com>
Subject RE: Possible to expose a Tomcat Realm instance through JNDI ?
Date Tue, 11 Jun 2013 16:23:10 GMT
I think I now understand your issue. I was faced with a similar problem and could not figure
out how to get the roles of an authenticated user through the servlet API.

It seems to only allow the question 'request.isUserInRole(role)'. But does not seem to provide
a way to get a list of roles that the user is in.

I used a kludge whereby I defined the valid roles in a context init parameter (bad duplication
of effort). Then used 'request.isUserInRole(role)'. I did not think to cast the 'request.getUserPrincipal()'
return value.

Please post if your methodology works.

Oliver



-----Original Message-----
From: users-return-242241-OLIVER.TANGLIN=saic.com@tomcat.apache.org on behalf of Tobias Gierke
Sent: Tue 6/11/2013 12:07 PM
To: users@tomcat.apache.org
Subject: Re: Possible to expose a Tomcat Realm instance through JNDI ?
 
Hi Oliver,
> I don't think there is a HTTP Basic authentication realm. The authentication type is
declared in the <auth-method> of your web.xml and can be used in conjunction with a
number of different realm implementations.
>
> Exactly what do you mean by re-use? Does this mean you are doing authentication from
within your web app?
My application is exposing a SOAP service (through Spring-WS servlet) 
for which I want to do method-level access control. Since the service 
endpoint already uses container-based HTTP Basic authentication, I'd 
like to reuse the realm implementation (and configuration, obviously) in 
my own code to get hold of the user's roles.

I just found HttpServletRequest#getUserPrincipal() , maybe I can just 
downcast the result to org.apache.catalina.realm.GenericPrincipal and 
invoke getRoles() on this... ugly, but well... ;)

Cheers,
Tobi

>
> Oliver
>
>
>
> -----Original Message-----
> From: users-return-242237-OLIVER.TANGLIN=saic.com@tomcat.apache.org on behalf of Tobias
Gierke
> Sent: Tue 6/11/2013 11:20 AM
> To: users@tomcat.apache.org
> Subject: Possible to expose a Tomcat Realm instance through JNDI ?
>   
> Hi,
>
> In my web app, I'd like to re-use the (server-wide) Tomcat Realm that is
> already being used for HTTP Basic authentication but couldn't find a way
> how to get hold of the actual Realm instance.
>
> I spent quite some time looking for a solution (complicated by the fact
> that most Google hits actually referred to the LDAP authentication
> realm) but found none. Is  there a "config-file-only" solution or do I
> need to dig into the Tomcat source code and come up with my own JNDI
> ObjectFactory to achieve this ?
>
> Cheers,
> Tobias
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


-- 
Tobias Gierke
Development

VOIPFUTURE GmbH   Wendenstra├če 4   20097 Hamburg,  Germany
Phone +49 40 688 900 111 Mobile +49 172 323 06 11 Fax +49 40 688 900 199
Email jan.bastian@voipfuture.com   Web http://www.voipfuture.com
  
CEO Jan Bastian
	
Commercial Court AG Hamburg   HRB 109896, VAT ID DE263738086




Mime
View raw message