>>
>> The custom valve talks with an external authentication system and gets the
>> username. The external system does not store the roles.
>>
>> The authenticated username is then read in the Valve - it is one of the
>> usernames in the tomcat Realm. Now, from here in the Valve, how do I get the
>> roles of the user in the tomcat realm?
> 
> Which Realm are you trying to use?
> 
> I am using a custom realm. I am not using any of the standard realms because
> the authentication is not handled by the standard realms.
> 
> 

The reason I ask is that I wanted to know where you're storing the
user/role information.  I will assume that you are using a database.


Actually no. In fact, I do not care. The Valve talks with an external
authentication engine and gets the username. The back-end of the external
engine is hidden from Tomcat. The Valve does an HTTP redirection to the
external form where users enter their login/password, and the same form
authenticates against its own store, and redirects back to the tomcat valve.
The valve then understands that it is authenticated (looking at the HTTP
request) and so gets the userid.

The external system does not store the tomcat realm roles.



In your Valve, you could just replicate the internal processes* of the
Realm to determine the roles and assign them to the Principal.

* define & use SQL statements to look up the roles for the supplied
username.


So, what I can do is: in the valve, I will call the user repository of
tomcat to see what all roles it has, and then set the principal. The same
can be done by the custom realm.


