I have tested this and it does exactly what I'd hoped. I tested it with Tomcat 6.0.20 as described, and I also, in the vain and probably inadvisable hope that I could stick with my yum-updateable RHEL 5.3 tomcat5.5 version, tested it with 5.5 (under server/lib). It didn't throw an exception in 5.5, but it didn't appear to do a recursive search, either. But, as I said, it works exactly as advertised in 6.0.20.

If anyone is interested in details, here is the realm I used (against a Domino LDAP server):

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://myserver.law.virginia.edu:389"
           roleRecursionLimit="2"
           roleNested="true"
           roleBase=""
           roleSearch="(member={0})"
           roleSubtree="false"
           roleName="cn"
           userBase=""
           userSearch="(uid={0})"
           userSubtree="false"
           allRolesMode="authOnly"
    />

Results from my test jsp showing Principal.toString() and isUserInRole for a few roles. Jqp1a is in 2009jd which is nested in the "Students" group.

Old version of JNDIRealm:

    userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Test Students,)]
    user: jqp1a
    isInStudents: false
    isInFaculty: false
    isInStaff: false
    isIn2009JD: true
    Logout

New Version

    userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Students,Test Students,)]
    user: jqp1a
    isInStudents: true
    isInFaculty: false
    isInStaff: false
    isIn2009JD: true
    Logout

George Payne

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, August 03, 2009 12:36 PM
To: Tomcat Users List
Subject: Re: FW: JNDIRealm and roleNested

Mark Thomas wrote:
>
>> ------- Original Message -------
>> From: "Payne, George (ghp5h)" <gh...@eservices.virginia.edu>
>
>> I still don't know the answer to the questions I originally posed below, if
>> anyone can help, I'd very much appreciate it.
>
> If I produced a binary patch for 6.0.20 and instructions on how to install it
> would you be able to test it for us? Positive feedback would greatly increase
> the chances of this patch getting into the 6.0.x branch.

George replied off-list that he would be willing to test this.

So for George and anyone else that wants to test this you'll need to do the following.

1. Understand that this is development code, made available for testing purposes. In no way should this be construed to be any form of ASF release.
2. Download and install Tomcat 6.0.20.
3. Create the following directory structure under CATALINA_HOME/lib:
   org/apache/catalina/realm
4. Download this file:
   http://people.apache.org/~markt/dev/JNDIRealm.class
   and place it in the CATALINA_HOME/lib/org/apache/catalina/realm directory you just created.
5. Re-read point 1 :)
6. Configure your JNDI realm as normal. There are some extra options. Read through the code:
   http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162
   to see what they are.
6. Start Tomcat
7. Let us know how you get on.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
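
The difference between the two result sets in the message above, as an added illustration that is not part of the thread and is not Tomcat's JNDIRealm code: a flat (member={0}) lookup returns only the groups that list the user directly, while a nested lookup repeats the search for each group found, so membership of 2009JD also grants Students. The in-memory map standing in for the LDAP server, the class and method names, the 2009JD/Students membership loop, and treating the recursion limit as the number of extra search rounds are all assumptions made for the example.

```java
import java.util.*;

public class NestedRoleDemo {
    // Constructed directory: group name -> direct members (users or other groups).
    static final Map<String, Set<String>> GROUPS = new LinkedHashMap<>();
    static {
        for (String g : List.of("2000JD", "2007JDPHD", "Phoneathon", "Test Students"))
            GROUPS.put(g, Set.of("jqp1a"));
        // Constructed loop: each group lists the other, to show that resolution terminates.
        GROUPS.put("2009JD", Set.of("jqp1a", "Students"));
        GROUPS.put("Students", Set.of("2009JD"));
    }

    // Stand-in for the LDAP search (member={0}): groups listing `member` directly.
    static Set<String> groupsOf(String member) {
        Set<String> out = new TreeSet<>();
        GROUPS.forEach((g, members) -> { if (members.contains(member)) out.add(g); });
        return out;
    }

    // Resolve roles; when `nested` is set, repeat the search for each newly
    // found group, for at most `limit` extra rounds (assumed semantics).
    static Set<String> roles(String user, boolean nested, int limit) {
        Set<String> roles = new TreeSet<>(groupsOf(user));
        Set<String> frontier = new TreeSet<>(roles);
        for (int depth = 0; nested && depth < limit && !frontier.isEmpty(); depth++) {
            Set<String> next = new TreeSet<>();
            for (String g : frontier)
                for (String parent : groupsOf(g))
                    if (roles.add(parent)) next.add(parent); // already-seen groups are not revisited
            frontier = next;
        }
        return roles;
    }

    public static void main(String[] args) {
        Set<String> flat = roles("jqp1a", false, 0);
        Set<String> deep = roles("jqp1a", true, 2);
        System.out.println("flat:   " + flat + " isInStudents=" + flat.contains("Students"));
        System.out.println("nested: " + deep + " isInStudents=" + deep.contains("Students"));
    }
}
```

Because nested resolution widens the set of roles a principal holds, any security-constraint keyed on a parent group such as Students starts matching users who previously failed it, so role-to-constraint mappings are worth reviewing when the option is turned on.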