On November 18, 2011 16:17, Leo Donahue - PLANDEVX <leodona...@mail.maricopa.gov> wrote:
Is it possible to ... or some other independent source for role information?
>  A sample using JNDI and active directory in the archives.
>
>  http://www.mail-archive.com/users@tomcat.apache.org/msg74641.html
And a SQL server DataSource Realm example also:

http://www.mail-archive.com/users@tomcat.apache.org/msg75265.html  Last post.

The solutions at those links perform both authentication and role-based authorization. I need just the ability to perform role-based authorization when tomcatAuthentication="false" for a connector. Am I missing something described in one of the messages linked above?

I turned on all logging for catalina realms and authenticators and found that when tomcatAuthentication="true" then in org.apache.catalina.realm.RealmBase hasResourcePermission(), request.getPrincipal() returns an object of class GenericPrincipal, but when tomcatAuthentication="false" it returns an object of class CoyotePrincipal. And the CoyotePrincipal class does not support roles.

Any advice on how to solve this problem? I need Tomcat 6 to use the authentication performed by the front-end webserver without breaking the roles required by the Tomcat Manager webapp.

Here is what happens when tomcatAuthentication="true" and the Tomcat Manager webapp works:

Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Calling authenticate()
Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase register
FINE: Authenticated 'markmont' with type 'BASIC'
Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Calling accessControl()
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE:   Checking roles GenericPrincipal[markmont(admin,manager,)]
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Role found:  manager


And here is what happens when tomcatAuthentication="false" and the Tomcat Manager webapp breaks:

Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Calling authenticate()
Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.BasicAuthenticator authenticate
FINE: Already authenticated 'markmont'
Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Calling accessControl()
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE:   Checking roles CoyotePrincipal[markmont]
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: No role found:  manager
Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Failed accessControl() test

--
  Mark Montague
  m...@catseye.org
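
A log check for the symptom described in the message above, added here as an example and not part of the original post: it reads FINE-level records in the two-line format shown in the excerpts and flags access-control denials where the principal carried no roles. The function names are made up for this example, and the sample input is a subset of the log lines quoted in the message.

```python
import re

# Sample input: lines copied from the two log excerpts in the message above.
SAMPLE_LOG = """\
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE:   Checking roles GenericPrincipal[markmont(admin,manager,)]
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Role found:  manager
Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.BasicAuthenticator authenticate
FINE: Already authenticated 'markmont'
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE:   Checking roles CoyotePrincipal[markmont]
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: No role found:  manager
"""

# Each record is two lines: "<timestamp> <class> <method>", then "<LEVEL>: <message>".
HEADER = re.compile(r"^\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M (\S+) (\S+)$")
RECORD = re.compile(r"^([A-Z]+):\s*(.*)$")
PRINCIPAL = re.compile(r"Checking roles (\w+)\[([^(\]]+)(?:\(([^)]*)\))?\]")
VERDICT = re.compile(r"^(No role found|Role found):\s*(\S+)")

def parse_records(text):
    """Yield (class, method, level, message) for each two-line log record."""
    header = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            header = m.groups()
        elif header and (m := RECORD.match(line)):
            yield header + m.groups()
            header = None

def access_checks(text):
    """Pair each 'Checking roles' record with the verdict that follows it."""
    checks = []
    for _cls, method, _level, msg in parse_records(text):
        if method != "hasResourcePermission":
            continue
        if m := PRINCIPAL.search(msg):
            kind, user, roles = m.groups()
            checks.append({"principal": kind, "user": user, "role": None, "granted": None,
                           "roles": [r for r in (roles or "").split(",") if r]})
        elif checks and (m := VERDICT.match(msg)):
            checks[-1].update(role=m.group(2), granted=m.group(1) == "Role found")
    return checks

def roleless_denials(text):
    """Denied checks where the logged principal carried no role list."""
    return [c for c in access_checks(text) if c["granted"] is False and not c["roles"]]
```

Run over a full catalina log with realm and authenticator logging at FINE, roleless_denials() separates requests denied because the principal had no roles from requests denied because the user lacked one specific role.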

