tomcat-users mailing list archives

From "Alex O'Ree" <alexo...@apache.org>
Subject Re: Getting user role membership without context
Date Sun, 16 Jul 2017 14:31:46 GMT
Thanks for the clarification. To add to my description....

I'm running a task on the user's behalf on a background thread with a
task scheduler.  I need to get the roles when the task is run in case
of a change in role membership between the time the task is scheduled
and when it is executed.

It looks like the Digester class loads server.xml and creates the
realms but it looks like it's almost entirely done with dynamic class
loading. I couldn't narrow down the point in code where Realms are
created. Perhaps there's a way to get a reference to the realm via
some static reference? I went through the code but could not find a
solution. I also tried extending the UserDatabaseRealm but was unable
to get it to fire up (new instance) due to the lack of the calling
infrastructure and requisite calls from higher up in the Tomcat code
base.

Moving on, I was also poking around in JMX and found that all the
users are listed (and clear text passwords are available? not sure if
this is the case for digested or encrypted file stores).  From this
approach, I was able to parse the output and eventually found
attributes that list all roles a given user account has (success!).
What isn't clear is if this approach will work for LDAP (JNDI)
connections or Kerberos setups, SSO setups, etc. It may also be
version specific to Tomcat (running 7.0.76 at the moment). I'd
appreciate any feedback on this.
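
A sketch of the JMX lookup described in the message above, added here as an example and not code from the poster or from Tomcat. It assumes the task runs inside the Tomcat JVM, that Tomcat registered its MBeans with the platform MBeanServer, and that users come from a UserDatabase resource whose MBeans sit in the `Users` domain with `username`, `groups` and `roles` attributes; the class name `JmxUserRoles` and the user `example-user` are hypothetical.

```java
import java.lang.management.ManagementFactory;
import java.util.Set;
import java.util.TreeSet;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public final class JmxUserRoles {

    /** Role names for one user: direct roles plus roles inherited through groups. */
    public static Set<String> rolesFor(MBeanServer mbs, String username) throws JMException {
        Set<String> roles = new TreeSet<String>();
        // Match on the "username" attribute instead of building the MBean name,
        // so the lookup does not depend on how the name is quoted.
        for (ObjectName user : mbs.queryNames(new ObjectName("Users:type=User,*"), null)) {
            if (!username.equals(mbs.getAttribute(user, "username"))) {
                continue;
            }
            addRoleNames(mbs, user, roles);
            for (String group : (String[]) mbs.getAttribute(user, "groups")) {
                addRoleNames(mbs, new ObjectName(group), roles);
            }
        }
        return roles;
    }

    // The "roles" attribute holds MBean names (Users:type=Role,rolename=...),
    // not bare role names, so each entry is parsed back into an ObjectName.
    private static void addRoleNames(MBeanServer mbs, ObjectName owner, Set<String> out)
            throws JMException {
        for (String roleMBean : (String[]) mbs.getAttribute(owner, "roles")) {
            String name = new ObjectName(roleMBean).getKeyProperty("rolename");
            if (name != null) {
                out.add(name.startsWith("\"") ? ObjectName.unquote(name) : name);
            }
        }
    }

    public static void main(String[] args) throws JMException {
        // Assumption: Tomcat's MBeans live in this JVM's platform MBeanServer.
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        String user = args.length > 0 ? args[0] : "example-user"; // placeholder name
        System.out.println(user + " -> " + rolesFor(mbs, user));
    }
}
```

The lookup reads only `username`, `groups` and `roles` and never touches the `password` attribute mentioned in the message. Run outside Tomcat it finds no `Users` MBeans and prints an empty set.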
