>
> What is not working is: The external system has no role for the user. So,
> the valve sets the GenericPrincipal with no roles. Therefore, the principal
> is getting authorization denied (although authentication succeeds) because
> we have granted to roles=role1, tomcat in web.xml file.
>
> (The userid of the external system and tomcat is the same - that is point of
> match.)
>
> To solve this problem, I thought of writing a custom realm, which will be
> programmed that if the Principal has null role, then it will get the roles
> from the Tomcat realm.

You've already written a custom Valve, why bother to attempt half an integration with a Realm when you could just look up and get the roles yourself, in the Valve? You're making your life very difficult.

Dear pid,

How do I get the roles of the user in the custom Valve?

The custom valve talks with an external authentication system and gets the username. The external system does not store the roles. The authenticated username is then read in the Valve - it is one of the usernames in the tomcat Realm.

Now, from here in the Valve, how do I get the roles of the user in the tomcat realm?

Regards.
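
One way to do the role lookup in the Valve, as an added example that is not code from this thread or from the Tomcat project. It assumes Tomcat 9 (`javax.servlet` packages, and `Realm.authenticate(String)`, which is not present in older releases); the class name `ExternalAuthValve`, the abstract method `authenticateExternally` and the auth-type label are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public abstract class ExternalAuthValve extends ValveBase {

    /**
     * Hypothetical hook for the external system described in the thread.
     * Must return the username only after that system has verified the
     * caller, and null in every other case.
     */
    protected abstract String authenticateExternally(Request request);

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        String username = authenticateExternally(request);

        if (username != null) {
            // Realm configured for the Context, Host or Engine this Valve is attached to.
            Realm realm = getContainer().getRealm();

            // Realm.authenticate(String) checks NO credentials: it only maps a
            // username to the Principal (and roles) the Realm holds for it.
            // Call it only with a name the external system has already verified.
            Principal withRoles = (realm != null) ? realm.authenticate(username) : null;

            if (withRoles != null) {
                request.setUserPrincipal(withRoles);
                request.setAuthType("EXTERNAL"); // constructed label
            }
            // Unknown to the Realm: fail closed. No principal is set, so the
            // security constraints in web.xml are enforced as for an
            // unauthenticated request instead of admitting a role-less user.
        }

        getNext().invoke(request, response);
    }
}
```

Because the username is the only link between the two systems, the external system's usernames must not be attacker-influenced (for example, taken from an unverified request header), or any caller could assume the roles of any Realm user.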