Context.findChild and findChildren return an instance of "Container".
It looks like StandardWrapper extends Container, so I should be able
to type cast it. The question is, is it always going to be an instance
of StandardWrapper?

On Tue, Jul 18, 2017 at 6:40 PM, Mark Thomas <ma...@apache.org> wrote:
> On 18/07/17 23:21, Alex O'Ree wrote:
>> Nice, any idea which method I need to call?
>
> You already have the Context so you want
>
> Context.findChildren()
>
> for a list of all the Wrappers (and it is the wrapper object you need) or
>
> Context.findChild(String)
>
> for a specific Wrapper if you know the name. The name should be the name
> used in web.xml to define the Servlet.
>
> Mark
>
>
>>
>> On Jul 18, 2017 3:54 PM, "Mark Thomas" <ma...@apache.org> wrote:
>>
>>> On 18/07/17 17:41, Alex O'Ree wrote:
>>>> Alright, quick update on this.
>>>>
>>>> At this point, I have servlet context and a username running off the
>>>> main tomcat http threads (quartz job)
>>>>
>>>>> StandardContext tomcat; // load from reflection from ApplicationContext from ServletContext as ApplicationContextFacade
>>>>> Realm realm = tomcat.getRealm();
>>>>
>>>> At this point, realm is a LockoutRealm that contains two child realms,
>>>> the JNDI Realm and the standard UserDatabaseRealm
>>>>
>>>>> Principal user = realm.authenticate(username);
>>>>
>>>> At this point, the user object is populated and appears to have the
>>>> roles attached to it (they are listed in the toString method).
>>>>
>>>>> realm.hasRole(new StandardWrapper(), user, role);
>>>>
>>>> This part returns false, if and only if the ldap membership matches
>>>> exactly. Mapped roles via servlet/security-role-ref/role-link and
>>>> role-name do not appear to be in effect.
>>>>
>>>> I think this may have something to do with the Principal object not
>>>> having a login context. Normally, this is available via a servlet, but
>>>> here it is not.
>>>>
>>>> I think the root cause might be this line.
>>>> https://github.com/apache/tomcat/blob/TOMCAT_7_0_42/java/org/apache/catalina/realm/RealmBase.java#L933
>>>>
>>>> Which probably does the translation from the LDAP defined group or
>>>> role into what the application is expecting. Am I on the right path
>>>> here?
>>>
>>> Yes. If you check auth outside of a Servlet, the role mappings for the
>>> Servlet won't apply. If you know which servlet to use for the role
>>> mappings you can get that from the Context (Wrappers represent Servlets
>>> and are children of the Context).
>>>
>>> Mark
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>
>
>
