Larry,

On 12/5/16 12:25 PM, Taylor, Larry wrote:
> If isUserInRole has information to make determination to
> different component accesses in the application that would be
> sufficient - although, what I really need to know is what
> department or Organizational unit they belong to after
> authentication in order to give them specific page component
> accesses.

What if they belong to multiple organizational units or departments?

Usually a user has multiple roles but only one CN, and certainly only
one DN. Are you taking the CN/DN and removing some of it in order to
obtain the user's "username"? If so, don't do that and use their whole
CN/DN as their username and then parse it yourself to determine their
organization unit, etc.

As it stands, Tomcat's LDAP authenticator only provides two pieces of
information that are visible to the application: username and
(indirectly) list of roles.

You might want to make another connection to your directory to look up
any additional information on that user to complete the set of
metadata you want to use to customize the UI for each user.

Hope that helps,
-chris

> -----Original Message-----
> From: Felix Schumacher [mailto:felix.schumac...@internetallee.de]
> Sent: Sunday, December 04, 2016 2:17 AM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for authenticated users
> 
> On 04.12.2016 at 08:04, Taylor, Larry wrote:
>> Hello,
>> 
>> For Users that have authenticated from the Web Login page
>> through Tomcat Realm LDAP configuration is it possible to get the
>> authenticated user's ou=Organizational Unit or Department name?
>> and also what their role names are? I need this information to
>> pass to a servlet or jsp page.
>> 
>> I saw documentation about the java.security.Principal class but
>> could not find any documentation or examples on how to get this
>> type of information after users are authenticated.
>> 
>> I am able to get the username with
>> ${pageContext.request.userPrincipal.name} &
>> request.getRemoteUser(); but nothing about how to get the user's
>> member affiliations and roles.
> The standard way to get the roles is to iterate over your expected
> roles and ask for request.isUserInRole(role). The servlet spec has
> no API to get directly a list of roles.
> 
> If you are willing to bind yourself to the implementation of
> JNDIRealm you could get the list of roles. But I don't recommend
> it, as that implementation is not guaranteed to stay stable.
> 
> Do you really need to get the list, or is isUserInRole enough?
> 
> Regards, Felix
>> 
>> Any information or pointers on this is appreciated.
>> 
>> 
>> ________________________________ Larry Taylor
>> 
>> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
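
The suggestion in the reply above, to keep the whole DN as the username and parse it to find the organizational unit, sketched as an added example that is not code from the thread or from Tomcat. It uses the JDK's `javax.naming.ldap.LdapName` parser instead of splitting on commas, and returns a list because a DN can carry more than one OU; the class name `DnOrgUnits` and the sample DNs are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper class, not part of Tomcat or the servlet API.
public class DnOrgUnits {

    /** Returns every OU value in the DN, leftmost (most specific) first; empty if none. */
    static List<String> orgUnits(String dn) throws NamingException {
        LdapName name = new LdapName(dn); // RFC 2253 parser; malformed input throws
        List<String> ous = new ArrayList<>();
        // LdapName puts the rightmost RDN at index 0, so walk from the end.
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            // An RDN can be multi-valued (cn=a+ou=b), so check all of its attributes.
            NamingEnumeration<? extends Attribute> attrs = rdn.toAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute a = attrs.next();
                if ("ou".equalsIgnoreCase(a.getID())) {
                    for (int j = 0; j < a.size(); j++) {
                        ous.add(String.valueOf(a.get(j))); // value is already unescaped
                    }
                }
            }
        }
        return ous;
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        String[] samples = {
            "cn=Taylor\\, Larry,ou=Payroll,ou=Finance,dc=example,dc=com", // escaped comma, two OUs
            "cn=svc+ou=Ops,dc=example,dc=com",                            // multi-valued RDN
            "cn=guest,dc=example,dc=com",                                 // no OU at all
            "not a dn"                                                    // malformed input
        };
        for (String dn : samples) {
            try {
                System.out.println(dn + " -> " + orgUnits(dn));
            } catch (NamingException e) {
                System.out.println(dn + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

An application that gates page components on the result should deny by default when the list is empty or the DN is rejected.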
