Thanks Mark! Will take a look
On Fri, Oct 8, 2021, 5:01 AM Mark Thomas wrote:
> On 07/10/2021 18:37, Michael Kolenda wrote:
> > Hey Tomcat Users,
> >
> > I've run into an interesting behavior with a custom JASPIC provider. When
> > there is an existing session i.
Hey Tomcat Users,
I've run into an interesting behavior with a custom JASPIC provider. When
there is an existing session i.e. JSESSIONID cookie, It appears the
groups/roles are not checked again... even when the new groups are provided
in the client Subject (JASPIC's validate() ). When attempting
i recently did a JASPIC plugin for OIDC.
ended writing a simple authorization class that returned user roles based
on the request/Principal instead of trying to add JACC
arjan tijms guide is what i used for the most part
but you're right there is no decent Tomcat tutorial yet
On Wed, Jun 5,