Hello,
i happened in the past to be coding a specific real that had to provide
extra informations to webapp (like user fullname, email, roles, etc). I
could only do this using the userprincipal (created own subclass then
typcasted it at webapp level).
You simple CAN't query the realm, because the realm is in a different
classloader (server/lib) that is not accessible from webapp classloader.
Your webapp has no way to see the realm.
What you can do, however, is to use the security filter (google for it)
that is a webapp level implemented J2EE security specs implementation.
It run the realms at webapp level (so it's not tomcat anymore that
handle authentifcation) and allows you to cross the line between webapp
and authentification mecanisms.
However, the easiest and cleanest solution would be to just configure
you webapp so it so it knows what db to use :/
maux a écrit :
As Alan says, my purpose would be to query the database all the roles that it
contains. But i can´t do that if i don´t know what database an application
uses. So, my question is how can i know what database does an application
use? Maybe if i could know which realm the application is using, i could
access to the database. But how can i do this??
Thank you for all your help!!
mgainty wrote:
yes..Tough call without knowing what type of realm you will be
implementing
for (specifically would the realm be Memory or JDBC)
I found this jsp code for which will take the parameters role from the
request /verify / and output encoded string
<% String role = request.getParameter("role"); if (role == null) role =
"";
if (role.length() > 0) { if (request.isUserInRole(role)) { %> You have
been
granted role <%= util.HTMLFilter.filter(role) %>
<% }
which will output something like <admin> assuming your are
requesting
admin access
HTH/
Martin--
----- Original Message -----
Wrom: YZUNNYCGPKYLEJGDGVCJVTLBXFGGMEP
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, February 07, 2008 2:40 PM
Subject: Re: Application Realm in Tomcat
Via the spec - you can't query all the roles a user has. But you can say
request.isUserInRole(rolename)
If you *need* access to the realm, things start to get ugly. You need to
start coding against Tomcat internal specific classes.
-Tim
maux wrote:
Hi,
I am doing a Java code. This code have to access to the realm
that an application in Tomcat is using, after that the code have to
access
to
that realm and look for the roles that exist in that database.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]