tomcat-users mailing list archives

From Ludovic Pénet <>
Subject Rereading roles for current principal
Date Sun, 01 Jan 2017 17:14:54 GMT

As kindly advised, I restart this question as a separate thread.

Is there a standard, easy way to reread roles for an authenticated user?

The use case is as follows: I implement JSON web tokens (JWT) as a valve, generating it after
the container performed authentication and restoring principal when a valid token is passed.

I also use JWT as a poor man's SSO across systems. But roles are not the same. I would like to
be able to read roles sometimes.

Of course, I know how to read the roles and could do that in the valve... But, IMHO, it is
something that should remain in the realm, for a cleaner separation.

Thanks in advance,

PS: and happy new year!
Sent from my Android device with K-9 Mail. Please excuse my brevity.