Hi, I have several Tomcat webapps which use SSO and the same Realm for authentication. All is working as expected, except that I now need to update roles for a user that has already been authenticated in the past. I seem to be able to do it successfully for a given request (by calling LoginContext.login and switching the principals in the subject), but for all subsequent requests isUserInRole returns false for new roles. The way I understand it, this is happening because a GenericPrincipal object, which JAASRealm created in the initial authenticate call, holds a copy of the original role list, and so on all subsequent calls the SSO valve puts that GenericPrincipal into the request, and its getRoles, which is called by isUserInRole, accordingly always returns the original list of roles. Is there any way for me to get around this? I don't seem to have any ability to update the roles in this GenericPrincipal object once it's put into the SSO cache... Or, if there is no way to update the roles, can I force re-authentication without making the user re-enter userid/password (we do have those stored in the SSO cache, I believe)?
Any help would be greatly appreciated. Thank you very much for your time,
Natasha
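A simplified model of the behaviour described in the post, added here as an example that is not part of the original message and is not Tomcat's code. The names `CachedPrincipal`, `ssoCache`, `refresh` and the user `alice` are hypothetical; the model shows that a principal whose roles are copied at login hides both newly granted and revoked roles until the cache entry is rebuilt.

```java
import java.util.*;

// Simplified model with hypothetical classes (not Tomcat's) of an SSO principal cache.
public class StaleRolesDemo {
    // Roles are copied once, when the principal is created at login.
    static final class CachedPrincipal {
        final String name;
        final Set<String> roles;
        CachedPrincipal(String name, Collection<String> roles) {
            this.name = name;
            this.roles = Set.copyOf(roles);
        }
    }

    // Stand-in for the realm's user store: user name -> current roles.
    static final Map<String, Set<String>> realm = new HashMap<>();
    // Stand-in for the SSO cache: SSO id -> principal built at login.
    static final Map<String, CachedPrincipal> ssoCache = new HashMap<>();

    static CachedPrincipal authenticate(String user) {
        return new CachedPrincipal(user, realm.getOrDefault(user, Set.of()));
    }

    static void login(String ssoId, String user) {
        ssoCache.put(ssoId, authenticate(user));
    }

    // Per-request check: answers from the cached principal only.
    static boolean isUserInRole(String ssoId, String role) {
        CachedPrincipal p = ssoCache.get(ssoId);
        return p != null && p.roles.contains(role);
    }

    // Rebuild the principal from the realm and swap the cache entry.
    static void refresh(String ssoId) {
        CachedPrincipal old = ssoCache.get(ssoId);
        if (old != null) ssoCache.put(ssoId, authenticate(old.name));
    }

    public static void main(String[] args) {
        realm.put("alice", new HashSet<>(Set.of("user"))); // constructed sample user
        login("sso-1", "alice");
        realm.get("alice").add("admin");                    // role granted after login
        System.out.println("after grant:   " + isUserInRole("sso-1", "admin"));
        refresh("sso-1");
        System.out.println("after refresh: " + isUserInRole("sso-1", "admin"));
        realm.get("alice").remove("admin");                 // role revoked
        System.out.println("after revoke:  " + isUserInRole("sso-1", "admin"));
    }
}
```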