I think I now understand your issue. I was faced with a similar problem and could not figure out how to get the roles of an authenticated user through the servlet API.
It seems to only allow the question 'request.isUserInRole(role)'. But does not seem to provide a way to get a list of roles that the user is in. I used a kludge whereby I defined the valid roles in a context init parameter (bad duplication of effort). Then used 'request.isUserInRole(role)'. I did not think to cast the 'request.getUserPrincipal()' return value. Please post if your methodology works. Oliver -----Original Message----- From: users-return-242241-OLIVER.TANGLIN=saic....@tomcat.apache.org on behalf of Tobias Gierke Sent: Tue 6/11/2013 12:07 PM To: users@tomcat.apache.org Subject: Re: Possible to expose a Tomcat Realm instance through JNDI ? Hi Oliver, > I don't think there is a HTTP Basic authentication realm. The authentication > type is declared in the <auth-method> of your web.xml and can be used in > conjunction with a number of different realm implementations. > > Exactly what do you mean by re-use? Does this mean you are doing > authentication from within your web app? My application is exposing a SOAP service (through Spring-WS servlet) for which I want to do method-level access control. Since the service endpoint already uses container-based HTTP Basic authentication, I'd like to reuse the realm implementation (and configuration, obviously) in my own code to get hold of the user's roles. I just found HttpServletRequest#getUserPrincipal() , maybe I can just downcast the result to org.apache.catalina.realm.GenericPrincipal and invoke getRoles() on this... ugly, but well... ;) Cheers, Tobi > > Oliver > > > > -----Original Message----- > From: users-return-242237-OLIVER.TANGLIN=saic....@tomcat.apache.org on behalf > of Tobias Gierke > Sent: Tue 6/11/2013 11:20 AM > To: users@tomcat.apache.org > Subject: Possible to expose a Tomcat Realm instance through JNDI ? > > Hi, > > In my web app, I'd like to re-use the (server-wide) Tomcat Realm that is > already being used for HTTP Basic authentication but couldn't find a way > how to get hold of the actual Realm instance. > > I spent quite some time looking for a solution (complicated by the fact > that most Google hits actually referred to the LDAP authentication > realm) but found none. Is there a "config-file-only" solution or do I > need to dig into the Tomcat source code and come up with my own JNDI > ObjectFactory to achieve this ? > > Cheers, > Tobias > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org -- Tobias Gierke Development VOIPFUTURE GmbH Wendenstraße 4 20097 Hamburg, Germany Phone +49 40 688 900 111 Mobile +49 172 323 06 11 Fax +49 40 688 900 199 Email jan.bast...@voipfuture.com Web http://www.voipfuture.com CEO Jan Bastian Commercial Court AG Hamburg HRB 109896, VAT ID DE263738086
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org