On 15.07.2017 00:46, Alex O'Ree wrote:
> Hi Tomcat folks!
>
> I have a use case where I have a reoccurring background process (quartz
> job) that needs to perform access control checks against a user
> principal. Normally, user role membership is only accessible via one
> of the http session, servlet request, objects, etc.
>
> Question, is there a way to essentially perform the same task as
> "isUserInRole" without the context object?
>
> I don't necessarily know what the realm will be ahead of time, but it
> will probably either be the jndi/ldap setup (with bind credentials) or
> the default tomcat-users xml file realm.
>
> My initial thought to solve this problem was to read server.xml
> looking for realm nodes, then create instances of them using the same
> configuration from server.xml, then attempt to do some hackery to get
> the roles of the user without performing an authentication challenge.
> I'm not sure how feasible this is and it seems like a bit of work
> (probably an easier solution).
>
> I've also tried poking around to find an mbean that looks promising. I
> eventually found that the realms are registered mbeans but I didn't
> see any obvious solutions.

Hi.

I don't know if what you want to do, as described above, is even possible while remaining
within the general HTTP protocol specification and/or the Java Servlet Specification.

But in any case, I believe that you should have a look at
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Single_Sign_On_Valve
to give you an idea of what is involved, and what the constraints are.

(Keep in mind that a Valve is a Tomcat-specific thing, not directly portable to another
Servlet Engine. But it does come into play *before* a request has been dispatched to a
particular application, which is what you seem to want here.)