I subclassed GenericPrincipal to add a getFullName() method. Then I came
accross the same problem, more or less, that Per had: trying to cast the
Principal returned by getUserPrincipal() on the request object to
MyPrincipal failed with a ClassCastException.
MyPrincipal mp = (MyPrincipal) request.getUserPrincipal(); //causes
ClassCastException
System.out.print(request.getUserPrincipal().getClass().toString(); //prints
xxx.xxx.MyPrincipal
This is because (I think) the classLoader used when the Principal was
created is not the same as is used by a web app.
Anyway, I got around this by using reflection. Per, if it's not way too late
already, you could try this:
String[] roles = (String[]) p.getClass().getMethod("getRoles",
null).invoke(p, null);
for (int i = 0; i < roles.length; i++) {
out.print(roles[i] + br);
}
---------------------------------------------------
From: Craig R. McClanahan
Subject: Re: [Q] Realms, Principals, et al...
Date: Mon, 12 Aug 2002 09:21:20 -0700
----------------------------------------
On Mon, 12 Aug 2002, Per Kreipke wrote:
> Date: Mon, 12 Aug 2002 12:38:12 -0400
> From: Per Kreipke <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Q] Realms, Principals, et al...
>
> I have a couple of security questions:
>
> Q1:
> ===
>
> If GenericPrincipal isn't available from webapps, is there another way to
> get at the complete list of roles for a given user and their password?
>
Not from a webapp through a portable API. What you see (isUserInRole())
is what you get.
However, properly configured web.xml files will have <security-role>
elements for all of the role names that are referenced by that webapp, so
you might try reading them (by parsing /WEB-INF/web.xml) and trying all of
those names through isUserInRole(). Of course, that doesn't help you if
the webapp doesn't define them all ...
> I need the complete list of roles for the current user and password to
> implement a connector from Cocoon authentication to the container
> authentication.
>
It's not at all clear to me that every possible Realm implementation will
be able to articulate such a list -- or that the list won't change over
time. For example, it's perfectly feasible to implement a Realm that says
"user Joe has this role, but only from 8am to 5pm on weekdays". It sounds
like the Cocoon folks might want to do a little more thinking about their
design.
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
