Cleaned up the naming/casing of the roles, it works and now I feel dumb. Thanks a lot!
David Delbecq-2 wrote:
>
> request.isUserInRole is the way to go. If you don't get "true", I
> suggest you first check getRemoteUser() to see if user is authenticated.
> Then check you correctly spelled role name, including case. Then check
> you have correct role mapping in web.xml (mapping from realm role names
> to webapp role) and that you are correctly using the webapp role name,
> not the realm role name! (best way to avoid this last problem is to use
> same name on both parts)
>
> You are not supposed to access GenericPrincipal. Moreover, tomcat's
> implementation of isUserInRole() will just return the same as
> GenericPrincipal.
>
> As for copying catalina.jar to WEB-INF/lib, it won't work either. Instead
> of a class not found exception, you would get a class cast exception
> because your instance has been allocated by server classLoader while the
> class you try to convert to is allocated by webappClassLoader (same
> name, same package but different classloader).
>
> Btw, don't even ever think about moving anything from server/ to
> WEB-INF/lib.
>
>
> At the precise moment of 28/09/07 09:14, janbanan put it in these terms:
>> Hi,
>>
>> I'm having some problems with security roles in tomcat 5.5. The actual
>> url-pattern based protection works fine so presumably the config is ok.
>> But when I programmatically try to check if the user belongs to a role
>> I run into problems.
>>
>> First the request.isUserInRole(String) method always returns false.
>> After a bit of searching I found that Tomcat has its own implementation
>> of the Principal class, GenericPrincipal, which has the hasRole(String)
>> method. Now it turns out I cannot retrieve the GenericPrincipal object
>> from the request (class not found exception). This I found out is
>> because the class file is not loaded in the scope of the webapp. The
>> workaround is to copy the catalina.jar to the WEB-INF/lib folder.
>>
>> This seems very messy! I'd like to check with you guys is this really
>> the only way to check a user's roles? Or am I doing something wrong?
>>
>> Thanks!
>>
>> Jan
>>
>
> --
> http://www.noooxml.org/
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

--
View this message in context: http://www.nabble.com/Security-roles-tf4532864.html#a12936876
Sent from the Tomcat - User mailing list archive at Nabble.com.
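A diagnostic servlet that walks through the checks listed in the quoted reply (authenticated user, exact role spelling and case, role mapping in web.xml). It is an added example, not code from the thread; the class name `RoleCheckServlet`, the role names `manager` and `Managers`, and the web.xml fragment in the comment are assumptions.

```java
// Added example (not from the thread). Assumed names: RoleCheckServlet, roles "manager"/"Managers".
// Assumed web.xml fragment: the name used in code is linked to a declared role.
//   <servlet>
//     <servlet-name>roleCheck</servlet-name>
//     <servlet-class>RoleCheckServlet</servlet-class>
//     <security-role-ref>
//       <role-name>manager</role-name>   <!-- name passed to isUserInRole() -->
//       <role-link>Managers</role-link>  <!-- must equal a <security-role> name -->
//     </security-role-ref>
//   </servlet>
//   <security-role><role-name>Managers</role-name></security-role>
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RoleCheckServlet extends HttpServlet {
    // Constructed spellings: role names are compared case-sensitively.
    private static final String[] CANDIDATES = {"manager", "Manager", "Managers", "managers"};

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();

        // Check 1: without an authenticated user, isUserInRole() is false for every role.
        String user = req.getRemoteUser();
        if (user == null) {
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
            out.println("No authenticated user on this request; isUserInRole() will be false.");
            return;
        }
        out.println("Authenticated as: " + user);

        // Checks 2 and 3: spelling/case and the web.xml mapping. A spelling that
        // matches neither the linked name nor a role the user holds reports false.
        for (int i = 0; i < CANDIDATES.length; i++) {
            String role = CANDIDATES[i];
            out.println("isUserInRole(\"" + role + "\") = " + req.isUserInRole(role));
        }
        // No cast to GenericPrincipal: the container's class is not meant to be
        // used from webapp code, and isUserInRole() already gives the answer.
    }
}
```

Map the servlet under a URL covered by a security-constraint and remove it once the role names are sorted out, since it reports role membership for the logged-in user.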