Hi Felix If isUserinRole has information to make determination to different component accesses in the application that would be sufficient - although, what I really need to know is what department or Organizational unit they belong to after authentication in order to give them specific page component accesses.
Any help on this is appreciated. -----Original Message----- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: Sunday, December 04, 2016 2:17 AM To: users@tomcat.apache.org Subject: Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for authenticated users Am 04.12.2016 um 08:04 schrieb Taylor, Larry: > Hello, > > For Users that have authenticated from the Web Login page through Tomcat > Realm LDAP configuration is it possible to get the authenticated user's > ou=Organizational Unit or Department name? and also what their role names > are? I need this information to pass to a servlet or jsp page. > > I saw documentation about the java.security.Principal class but could not > find any documentation or examples on how to get this type of information > after users are authenticated. > > I am able to get the username with ${pageContext.request.userPrincipal.name} > & request.getRemoteUser(); but nothing about how to get the user's member > affiliations and roles. The standard way to get the roles is to iterate over your expected roles and ask for request.isUserInRole(role). The servlet spec has no API to get directly a list of roles. If you are willing to bind yourself to the implementation of JNDIRealm you could get the list of roles. But I don't recommend it, as that implementation is not guaranteed to stay stable. Do you really need to get the list, or is isUserInRole enough? Regards, Felix > > Any information or pointers on this is appreciated. > > > ________________________________ > Larry Taylor > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
