On 18/07/17 23:21, Alex O'Ree wrote:
> Nice, any idea which method I need to call?

You already have the Context so you want Context.findChildren() for a
list of all the Wrappers (and it is the wrapper object you need) or
Context.findChild(String) for a specific Wrapper if you know the name.
The name should be the name used in web.xml to define the Servlet.

Mark

>
> On Jul 18, 2017 3:54 PM, "Mark Thomas" <ma...@apache.org> wrote:
>
>> On 18/07/17 17:41, Alex O'Ree wrote:
>>> Alright, quick update on this.
>>>
>>> At this point, I have servlet context and a username running off the
>>> main tomcat http threads (quartz job)
>>>
>>>> StandardContext tomcat; // load from reflection from ApplicationContext from ServletContext as ApplicationContextFacade
>>>> Realm realm = tomcat.getRealm()
>>>
>>> At this point, realm is a LockoutRealm that contains two child realms,
>>> the JNDI Realm and the standard UserDatabaseRealm
>>>
>>>> Principal user = realm.authenticate(username);
>>>
>>> At this point, the user object is populated and appears to have the
>>> roles attached to it (they are listed in the toString method).
>>>
>>>> realm.hasRole(new StandardWrapper(), user, role);
>>>
>>> This part returns false, if and only if the ldap membership matches
>>> exactly. Mapped roles via servlet/security-role-ref/role-link and
>>> role-name do not appear to be in effect.
>>>
>>> I think this may have something to do with the Principal object not
>>> having a login context. Normally, this is available via a servlet, but
>>> this it is not.
>>>
>>> I think the root cause might be this line.
>>> https://github.com/apache/tomcat/blob/TOMCAT_7_0_42/java/org/apache/catalina/realm/RealmBase.java#L933
>>>
>>> Which probably does the translation from the LDAP defined group or
>>> role into what the application is expecting. Am I on the right path
>>> here?
>>
>> Yes. If you check auth outside of a Servlet, the role mappings for the
>> Servlet won't apply. If you know which servlet to use for the role
>> mappings you can get that from the Context (Wrappers represent Servlets
>> and are children of the Context).
>>
>> Mark
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org