Re: Application Realm in Tomcat
Via the spec - you can't query all the roles a user has. But you can say request.isUserInRole(rolename) If you *need* access to the realm, things start to get ugly. You need to start coding against Tomcat internal specific classes. -Tim maux wrote: Hi, I am doing a Java code. This code have to access to the realm that an application in Tomcat is using, after that the code have to access to that realm and look for the roles that exist in that database. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application Realm in Tomcat
If you purpose is to find the roles in the database wouldn't it be better just to query the database? What kind of realm are you using? If its something like the 'memory' realm then you can just read the file. If its a RDBM then a few lines of JDBC code or the use of a persistence manager would work. Regards Alan Tim Funk wrote: Via the spec - you can't query all the roles a user has. But you can say request.isUserInRole(rolename) If you *need* access to the realm, things start to get ugly. You need to start coding against Tomcat internal specific classes. -Tim maux wrote: Hi, I am doing a Java code. This code have to access to the realm that an application in Tomcat is using, after that the code have to access to that realm and look for the roles that exist in that database. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:47ab5f13234141497319589! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application Realm in Tomcat
Hello,
i happened in the past to be coding a specific real that had to provide
extra informations to webapp (like user fullname, email, roles, etc). I
could only do this using the userprincipal (created own subclass then
typcasted it at webapp level).
You simple CAN't query the realm, because the realm is in a different
classloader (server/lib) that is not accessible from webapp classloader.
Your webapp has no way to see the realm.
What you can do, however, is to use the security filter (google for it)
that is a webapp level implemented J2EE security specs implementation.
It run the realms at webapp level (so it's not tomcat anymore that
handle authentifcation) and allows you to cross the line between webapp
and authentification mecanisms.
However, the easiest and cleanest solution would be to just configure
you webapp so it so it knows what db to use :/
maux a écrit :
As Alan says, my purpose would be to query the database all the roles that it
contains. But i can´t do that if i don´t know what database an application
uses. So, my question is how can i know what database does an application
use? Maybe if i could know which realm the application is using, i could
access to the database. But how can i do this??
Thank you for all your help!!
mgainty wrote:
yes..Tough call without knowing what type of realm you will be
implementing
for (specifically would the realm be Memory or JDBC)
I found this jsp code for which will take the parameters role from the
request /verify / and output encoded string
% String role = request.getParameter(role); if (role == null) role =
;
if (role.length() 0) { if (request.isUserInRole(role)) { % You have
been
granted role %= util.HTMLFilter.filter(role) %
% }
which will output something like lt;admingt; assuming your are
requesting
admin access
HTH/
Martin--
- Original Message -
Wrom: YZUNNYCGPKYLEJGDGVCJVTLBXFGGMEP
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, February 07, 2008 2:40 PM
Subject: Re: Application Realm in Tomcat
Via the spec - you can't query all the roles a user has. But you can say
request.isUserInRole(rolename)
If you *need* access to the realm, things start to get ugly. You need to
start coding against Tomcat internal specific classes.
-Tim
maux wrote:
Hi,
I am doing a Java code. This code have to access to the realm
that an application in Tomcat is using, after that the code have to
access
to
that realm and look for the roles that exist in that database.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application Realm in Tomcat
As Alan says, my purpose would be to query the database all the roles that it
contains. But i can´t do that if i don´t know what database an application
uses. So, my question is how can i know what database does an application
use? Maybe if i could know which realm the application is using, i could
access to the database. But how can i do this??
Thank you for all your help!!
mgainty wrote:
yes..Tough call without knowing what type of realm you will be
implementing
for (specifically would the realm be Memory or JDBC)
I found this jsp code for which will take the parameters role from the
request /verify / and output encoded string
% String role = request.getParameter(role); if (role == null) role =
;
if (role.length() 0) { if (request.isUserInRole(role)) { % You have
been
granted role %= util.HTMLFilter.filter(role) %
% }
which will output something like lt;admingt; assuming your are
requesting
admin access
HTH/
Martin--
- Original Message -
Wrom: YZUNNYCGPKYLEJGDGVCJVTLBXFGGMEP
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, February 07, 2008 2:40 PM
Subject: Re: Application Realm in Tomcat
Via the spec - you can't query all the roles a user has. But you can say
request.isUserInRole(rolename)
If you *need* access to the realm, things start to get ugly. You need to
start coding against Tomcat internal specific classes.
-Tim
maux wrote:
Hi,
I am doing a Java code. This code have to access to the realm
that an application in Tomcat is using, after that the code have to
access
to
that realm and look for the roles that exist in that database.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Application-Realm-in-Tomcat-tp15334971p15343799.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application Realm in Tomcat
I just need to know the roles that an application uses.
I thougth i could look for the context.xml of the application and read the
file searching for Realm to see if the application has its own realm or if
i have to look for a Realm of an upper level.
I was looking for Realm because i thougth it was the only way to know what
roles an application could use, but my purpose is to know the roles (not the
roles for a specific user, i want all the roles that there are in the
database).
So, what is the best i can do?
Could you give more information about the userPrincipal? I don´t know
exactly what i could do with it.
Thank you very much for all!!
David Delbecq-2 wrote:
Hello,
i happened in the past to be coding a specific real that had to provide
extra informations to webapp (like user fullname, email, roles, etc). I
could only do this using the userprincipal (created own subclass then
typcasted it at webapp level).
You simple CAN't query the realm, because the realm is in a different
classloader (server/lib) that is not accessible from webapp classloader.
Your webapp has no way to see the realm.
What you can do, however, is to use the security filter (google for it)
that is a webapp level implemented J2EE security specs implementation.
It run the realms at webapp level (so it's not tomcat anymore that
handle authentifcation) and allows you to cross the line between webapp
and authentification mecanisms.
However, the easiest and cleanest solution would be to just configure
you webapp so it so it knows what db to use :/
maux a écrit :
As Alan says, my purpose would be to query the database all the roles
that it
contains. But i can´t do that if i don´t know what database an
application
uses. So, my question is how can i know what database does an application
use? Maybe if i could know which realm the application is using, i could
access to the database. But how can i do this??
Thank you for all your help!!
mgainty wrote:
yes..Tough call without knowing what type of realm you will be
implementing
for (specifically would the realm be Memory or JDBC)
I found this jsp code for which will take the parameters role from the
request /verify / and output encoded string
% String role = request.getParameter(role); if (role == null) role =
;
if (role.length() 0) { if (request.isUserInRole(role)) { % You have
been
granted role %= util.HTMLFilter.filter(role) %
% }
which will output something like lt;admingt; assuming your are
requesting
admin access
HTH/
Martin--
- Original Message -
Wrom: YZUNNYCGPKYLEJGDGVCJVTLBXFGGMEP
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, February 07, 2008 2:40 PM
Subject: Re: Application Realm in Tomcat
Via the spec - you can't query all the roles a user has. But you can
say
request.isUserInRole(rolename)
If you *need* access to the realm, things start to get ugly. You need
to
start coding against Tomcat internal specific classes.
-Tim
maux wrote:
Hi,
I am doing a Java code. This code have to access to the realm
that an application in Tomcat is using, after that the code have to
access
to
that realm and look for the roles that exist in that database.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Application-Realm-in-Tomcat-tp15334971p15346386.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
