Hi, I'm having some problems with security roles in tomcat 5.5. The actual url-pattern based protection works fine so presumably the config is ok. But when I programatically try to check if the user belongs to a role I run into problems.
First the request.isUserInRole(String) method always returns false. After a bit of searching I found that Tomcat has it's own implementation of the Principal class, GenericPrincipal, which has the hasRole(String) method. Now it turns out I cannot retrieve the GenericPrincipal object from the request (class not found exception). This I found out is because the class file is not loaded in the scope of the webapp. The workaround is to copy the catalina.jar to the WEB-INF/lib folder. This seems very messy! I'd like to check with you guys is this really the only way to check a users roles? Or am I doing something wrong? Thanks! Jan -- View this message in context: http://www.nabble.com/Security-roles-tf4532864.html#a12935784 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
