Return-Path: 
 <users-return-242241-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E49C4C9ED
	for <apmail-tomcat-users-archive@www.apache.org>;
 Tue, 11 Jun 2013 16:08:08 +0000 (UTC)
Received: (qmail 92361 invoked by uid 500); 11 Jun 2013 16:08:05 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 92278 invoked by uid 500); 11 Jun 2013 16:08:05 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 92268 invoked by uid 99); 11 Jun 2013 16:08:04 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2013 16:08:04 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [212.126.220.242] (HELO mail.voipfuture.com) (212.126.220.242)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2013 16:07:58 +0000
X-Footer: dm9pcGZ1dHVyZS5jb20=
Received: from [192.168.1.144] ([192.168.1.1])
	(authenticated user tgierke@voipfuture.com)
	by mail.voipfuture.com (Kerio Connect 8.1.1)
	for users@tomcat.apache.org;
	Tue, 11 Jun 2013 18:07:37 +0200
Message-ID: <51B74B50.3050405@voipfuture.com>
Date: Tue, 11 Jun 2013 18:07:44 +0200
From: Tobias Gierke <tobias.gierke@voipfuture.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: users@tomcat.apache.org
Subject: Re: Possible to expose a Tomcat Realm instance through JNDI ?
References: <51B74041.1020807@voipfuture.com>
 <5C3BE124CD01DF46A2CE02F8577480E609798116@0015-its-exmb10.us.saic.com>
In-Reply-To: 
 <5C3BE124CD01DF46A2CE02F8577480E609798116@0015-its-exmb10.us.saic.com>
Content-Type: multipart/alternative;
 boundary="------------020500090307080708040305"
X-Virus-Checked: Checked by ClamAV on apache.org

--------------020500090307080708040305
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Hi Oliver,
> I don't think there is a HTTP Basic authentication realm. The authentication type is declared in the <auth-method> of your web.xml and can be used in conjunction with a number of different realm implementations.
>
> Exactly what do you mean by re-use? Does this mean you are doing authentication from within your web app?
My application is exposing a SOAP service (through Spring-WS servlet) 
for which I want to do method-level access control. Since the service 
endpoint already uses container-based HTTP Basic authentication, I'd 
like to reuse the realm implementation (and configuration, obviously) in 
my own code to get hold of the user's roles.

I just found HttpServletRequest#getUserPrincipal() , maybe I can just 
downcast the result to org.apache.catalina.realm.GenericPrincipal and 
invoke getRoles() on this... ugly, but well... ;)

Cheers,
Tobi

>
> Oliver
>
>
>
> -----Original Message-----
> From: users-return-242237-OLIVER.TANGLIN=saic.com@tomcat.apache.org on behalf of Tobias Gierke
> Sent: Tue 6/11/2013 11:20 AM
> To: users@tomcat.apache.org
> Subject: Possible to expose a Tomcat Realm instance through JNDI ?
>   
> Hi,
>
> In my web app, I'd like to re-use the (server-wide) Tomcat Realm that is
> already being used for HTTP Basic authentication but couldn't find a way
> how to get hold of the actual Realm instance.
>
> I spent quite some time looking for a solution (complicated by the fact
> that most Google hits actually referred to the LDAP authentication
> realm) but found none. Is  there a "config-file-only" solution or do I
> need to dig into the Tomcat source code and come up with my own JNDI
> ObjectFactory to achieve this ?
>
> Cheers,
> Tobias
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


-- 
Tobias Gierke
Development

VOIPFUTURE GmbH   Wendenstra�e 4   20097 Hamburg,  Germany
Phone +49 40 688 900 111 Mobile +49 172 323 06 11 Fax +49 40 688 900 199
Email jan.bastian@voipfuture.com   Web http://www.voipfuture.com
  
CEO Jan Bastian
	
Commercial Court AG Hamburg   HRB 109896, VAT ID DE263738086


--------------020500090307080708040305--