request.isUserInRole is the way to go. If you don't get "true", I suggest you first check getRemoteUser() to see if the user is authenticated. Then check you correctly spelled the role name, including case. Then check you have the correct role mapping in web.xml (mapping from realm role names to webapp role) and that you are correctly using the webapp role name, not the realm role name! (The best way to avoid this last problem is to use the same name on both parts.)
You are not supposed to access GenericPrincipal. Moreover, Tomcat's implementation of isUserInRole() will just return the same as GenericPrincipal. As for copying catalina.jar to WEB-INF/lib, it won't work either. Instead of a class not found exception, you would get a ClassCastException because your instance has been allocated by the server classLoader while the class you try to convert to is allocated by the webappClassLoader (same name, same package but different classloader). Btw, don't even ever think about moving anything from server/ to WEB-INF/lib.

At the precise moment of 28/09/07 09:14, janbanan expressed himself in these terms:
> Hi,
>
> I'm having some problems with security roles in Tomcat 5.5. The actual
> url-pattern based protection works fine so presumably the config is ok. But
> when I programmatically try to check if the user belongs to a role I run into
> problems.
>
> First the request.isUserInRole(String) method always returns false. After a
> bit of searching I found that Tomcat has its own implementation of the
> Principal class, GenericPrincipal, which has the hasRole(String) method.
> Now it turns out I cannot retrieve the GenericPrincipal object from the
> request (class not found exception). This I found out is because the class
> file is not loaded in the scope of the webapp. The workaround is to copy the
> catalina.jar to the WEB-INF/lib folder.
>
> This seems very messy! I'd like to check with you guys: is this really the
> only way to check a user's roles? Or am I doing something wrong?
>
> Thanks!
>
> Jan

--
http://www.noooxml.org/
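Added example, not part of the thread and not Tomcat's own code: a small diagnostic servlet that walks the checklist from the reply above (authenticated user first, then role-name spelling and case, then the web.xml role mapping) using only the standard Servlet API, so nothing from catalina.jar is needed in the webapp. The class name and the role names `manager` and `tomcat-admins` are assumptions for illustration.

```java
// Assumed web.xml fragment, placed inside this servlet's <servlet> element:
//   <security-role-ref>
//     <role-name>manager</role-name>        <!-- name passed to isUserInRole() -->
//     <role-link>tomcat-admins</role-link>  <!-- name declared in <security-role> -->
//   </security-role-ref>
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RoleCheckServlet extends HttpServlet {
    // Hypothetical spellings to probe; role names are case-sensitive.
    private static final String[] CANDIDATES = { "manager", "Manager", "tomcat-admins" };

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();

        // Step 1: without an authenticated user, every role check is false.
        String user = req.getRemoteUser();
        if (user == null) {
            out.println("No authenticated user on this request; isUserInRole() will be false.");
            return;
        }
        out.println("Authenticated as: " + user);

        // Use only the java.security.Principal interface. Casting to the
        // container's own class fails across classloaders, as the reply explains.
        Principal principal = req.getUserPrincipal();
        if (principal != null) {
            out.println("Principal name: " + principal.getName());
        }

        // Steps 2 and 3: compare spellings, case variants and the mapped name
        // to see which one the container actually resolves for this servlet.
        for (int i = 0; i < CANDIDATES.length; i++) {
            String role = CANDIDATES[i];
            out.println("isUserInRole(\"" + role + "\") = " + req.isUserInRole(role));
        }
    }
}
```

Map the servlet under a URL pattern that is already protected by a security constraint, and remove it once the role name is confirmed, since it reports authorization details.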