isUserInRole
I see that the session object is stored in the request object (request.getSession). And, I suppose, the methods such as isUserInRole from the request are actually querying the stuff from the session object. So, if the session is gone (invalidated), then there is no authorization info. Does this mean the authorization info is kept in the session object? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: isUserInRole
Hello Joby, My problem is not getting user name and logging in but rather I can't get the user's role using the function isUserInRole(). For whatever reason isUserInRole always returns a false. I tried isUserInRole(admin), isUserInRole(Administrarors), isUserInRole(Users) but I get false for all of them. I am trying to restrict some web pages to only allow administrator access. I can't put the user name and role in an xml file or using a database because of my company's security policy. I have to get the data from NTLM. Thanks again for your help. Forwarded Message Subject:RE: isUserInRole Date: Mon, 7 Feb 2005 08:46:40 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, To get user name... do as follows... %@ page import=java.security.Principal % And use in ur code as... % Principal p = request.getUserPrincipal(); out.println(p.getName()); % will print the name of the current user... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: isUserInRole
Hi Denny, I don't hav much idea abt NTLM, still... Hav u stored roles and the associated users in that file. Hav u specified that file as the file which contains user details in server.xml file... Check those things... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com -Original Message- From: Denny Lee [mailto:[EMAIL PROTECTED] Sent: Monday, February 07, 2005 9:40 PM To: tomcat-user@jakarta.apache.org Subject: RE: isUserInRole Hello Joby, My problem is not getting user name and logging in but rather I can't get the user's role using the function isUserInRole(). For whatever reason isUserInRole always returns a false. I tried isUserInRole(admin), isUserInRole(Administrarors), isUserInRole(Users) but I get false for all of them. I am trying to restrict some web pages to only allow administrator access. I can't put the user name and role in an xml file or using a database because of my company's security policy. I have to get the data from NTLM. Thanks again for your help. Forwarded Message Subject:RE: isUserInRole Date: Mon, 7 Feb 2005 08:46:40 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, To get user name... do as follows... %@ page import=java.security.Principal % And use in ur code as... % Principal p = request.getUserPrincipal(); out.println(p.getName()); % will print the name of the current user... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments.
RE: isUserInRole
Hi Denny, To get user name... do as follows... %@ page import=java.security.Principal % And use in ur code as... % Principal p = request.getUserPrincipal(); out.println(p.getName()); % will print the name of the current user... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com -Original Message- From: Denny Lee [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 9:20 PM To: tomcat-user@jakarta.apache.org; Joby Joseph (WT01 - TELECOM SOLUTIONS) Subject: isUserInRole Joby, Thanks for you reply. I have not tried request.isUserInRole(Denny). I was under the impression that role has to do with being admin or user. I can get the user name through the request.getRemoteUser() but I am still stuck with the role thing. ___ Subject: RE: isUserInRole question Date: Fri, 4 Feb 2005 08:35:22 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, U hav to use request.isUserInRole(Denny) to compare whether the user logged in is Denny or not Joby. -Original Message- From: Mario Winterer [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 3:13 AM To: Tomcat Users List Subject: Re: isUserInRole question Hi Denny! Which Realm do you use in server.xml? What are your web.xml-settings? Please post your configurations!!! Tex Hello, Thanks for your reply. When I use IE to bring up the page I get a dialogbox asking for user name and password. If I put in a user name and password of a user on the workstation I can login. The page shows the correct user name and says that I have successfully logged in. But I get 2 false for the isUserInRole statements. I don't know why that is the case. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
isUserInRole
Joby, Thanks for you reply. I have not tried request.isUserInRole(Denny). I was under the impression that role has to do with being admin or user. I can get the user name through the request.getRemoteUser() but I am still stuck with the role thing. ___ Subject: RE: isUserInRole question Date: Fri, 4 Feb 2005 08:35:22 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, U hav to use request.isUserInRole(Denny) to compare whether the user logged in is Denny or not Joby. -Original Message- From: Mario Winterer [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 3:13 AM To: Tomcat Users List Subject: Re: isUserInRole question Hi Denny! Which Realm do you use in server.xml? What are your web.xml-settings? Please post your configurations!!! Tex Hello, Thanks for your reply. When I use IE to bring up the page I get a dialogbox asking for user name and password. If I put in a user name and password of a user on the workstation I can login. The page shows the correct user name and says that I have successfully logged in. But I get 2 false for the isUserInRole statements. I don't know why that is the case. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: isUserInRole question
Hello,
Thanks for your reply. When I use IE to bring up the
page I get a dialogbox asking for user name and
password. If I put in a user name and password of a
user on the workstation I can login. The page shows
the correct user name and says that I have
successfully logged in. But I get 2 false for the
isUserInRole statements. I don't know why that is the
case.
Thanks.
-
Hi!
I'm not sure, but I think your code is OK. The
question is: How did you
configure your security realm in web.xml and
server.xml.
(request.isUserInRole only works, if the user has
already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet
{
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form
data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: isUserInRole question
Use a debugger, set a breakpoint in your code and examine the
principle that represents the user. IIRC, the request has a reference
to the user principle.
On Thu, 3 Feb 2005 08:54:20 -0800 (PST), Denny Lee [EMAIL PROTECTED] wrote:
Hello,
Thanks for your reply. When I use IE to bring up the
page I get a dialogbox asking for user name and
password. If I put in a user name and password of a
user on the workstation I can login. The page shows
the correct user name and says that I have
successfully logged in. But I get 2 false for the
isUserInRole statements. I don't know why that is the
case.
Thanks.
-
Hi!
I'm not sure, but I think your code is OK. The
question is: How did you
configure your security realm in web.xml and
server.xml.
(request.isUserInRole only works, if the user has
already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet
{
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form
data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: isUserInRole question
Hi Denny!
Which Realm do you use in server.xml? What are your web.xml-settings?
Please post your configurations!!!
Tex
Hello,
Thanks for your reply. When I use IE to bring up the
page I get a dialogbox asking for user name and
password. If I put in a user name and password of a
user on the workstation I can login. The page shows
the correct user name and says that I have
successfully logged in. But I get 2 false for the
isUserInRole statements. I don't know why that is the
case.
Thanks.
-
Hi!
I'm not sure, but I think your code is OK. The
question is: How did you
configure your security realm in web.xml and
server.xml.
(request.isUserInRole only works, if the user has
already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet
{
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form
data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
IsUserInRole Question
Here is my web.xml and server.xml. Thank you for your help! ?xml version=1.0 encoding=ISO-8859-1? web-app display-nameNtlmHttpAuthExample/display-name descriptionNtlmHttpAuthExample/description servlet servlet-nameNtlmHttpAuthExample/servlet-name servlet-classNtlmHttpAuthExample/servlet-class /servlet servlet-mapping servlet-nameNtlmHttpAuthExample/servlet-name url-pattern/servlet/NtlmHttpAuthExample/url-pattern /servlet-mapping filter filter-nameNtlmHttpFilter/filter-name filter-classjcifs.http.NtlmHttpFilter/filter-class init-param param-namejcifs.http.domainController/param-name param-valuecurry/param-value /init-param /filter filter-mapping filter-nameNtlmHttpFilter/filter-name url-pattern/*/url-pattern /filter-mapping /web-app ___ server.xml_ !-- Example Server Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN debug=0 !-- Comment these entries out to disable JMX MBeans support -- !-- You may also configure custom components (e.g. Valves/Realms) by including your own mbean-descriptor file(s), and setting the descriptors attribute to point to a ';' seperated list of paths (in the ClassLoader sense) of files to add to the default list. e.g. descriptors=/com/myfirm/mypackage/mbean-descriptor.xml -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. By default, a non-SSL HTTP/1.1 Connector is established on port 8080. You can also enable an SSL HTTP/1.1 Connector on port 8443 by following the instructions below and uncommenting the second Connector entry. SSL support requires the following steps (see the SSL Config HOWTO in the Tomcat 5 documentation bundle for more detailed instructions): * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or later, and put the JAR files into $JAVA_HOME/jre/lib/ext. * Execute: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) with a password value of changeit for both the certificate and the keystore itself. By default, DNS lookups are enabled when a web application calls request.getRemoteHost(). This can have an adverse impact on performance, so you can disable it by setting the enableLookups attribute to false. When DNS lookups are disabled, request.getRemoteHost() will return the String version of the IP address of the remote client. -- !-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2
RE: isUserInRole question
Hi Denny,
U hav to use request.isUserInRole(Denny) to compare whether the user
logged in is Denny or not
Joby.
-Original Message-
From: Mario Winterer [mailto:[EMAIL PROTECTED]
Sent: Friday, February 04, 2005 3:13 AM
To: Tomcat Users List
Subject: Re: isUserInRole question
Hi Denny!
Which Realm do you use in server.xml? What are your web.xml-settings?
Please post your configurations!!!
Tex
Hello,
Thanks for your reply. When I use IE to bring up the
page I get a dialogbox asking for user name and
password. If I put in a user name and password of a
user on the workstation I can login. The page shows
the correct user name and says that I have
successfully logged in. But I get 2 false for the
isUserInRole statements. I don't know why that is the
case.
Thanks.
-
Hi!
I'm not sure, but I think your code is OK. The
question is: How did you
configure your security realm in web.xml and
server.xml.
(request.isUserInRole only works, if the user has
already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet
{
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form
data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Confidentiality Notice
The information contained in this electronic message and any attachments to
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL
PROTECTED] immediately
and destroy all copies of this message and any attachments.
isUserInRole question
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet {
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: isUserInRole question
Hi!
I'm not sure, but I think your code is OK. The question is: How did you
configure your security realm in web.xml and server.xml.
(request.isUserInRole only works, if the user has already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet {
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Question on isUserInRole, getUserPrincipal
I have two JSPs. One is secured using security-constraint and the other is not. I can login properly and correctly call getUserPrincipal and isUserInRole. If the authenticated user then goes to the unsecured page those methods do not work. getUserPrincipal returns null and isUserIonRole always returns false. I would like to have personalization on the unsecured page if they happen to be authenticated when they visit that page. My first question is this, Is this the correct behavior that the Servlet spec defines? What is the recommended workaround for this problem? I am currently throwing information in the session, which does remain for the user. This example is run using the JBoss-3.0.3_Tomcat-4.1.12 release. I have not tried it under tomcat standalone because of the use of EJBs. Any help would be great. Ben Litchfield -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
isUserInRole returning incorrectd boolean under load
We're seeing a problem in JBoss-2.4.3_Tomcat-3.2.3 where HttpServletRequest@.isUserInRole(String):boolean is returning an incorrect boolean per what roles are set via our JAAS LoginModule (or JBoss'!). I have very detailed information bundled with a downloadable test case if anyone on this list is interested. I posted it in the JBoss forum here: http://www.jboss.org/forums/thread.jsp?forum=49thread=18592 I haven't tested yet if this is still a problem with the JBoss+Tomat4 bundle. Thanks everyone, David -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
isUserInRole() - Apache to Tomcat
I would like to map Apache groups to user roles in Tomcat. I would have thought that HttpServletRequest.isUserInRole(String roleName) would have done just this but it doesn't seem to. Is there a way to configure Tomcat to query Apache for this information? Am I out of luck? Any suggestions? Thanx, Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
