[GitHub] [tomcat] michael-o opened a new pull request, #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o opened a new pull request, #631:
URL: https://github.com/apache/tomcat/pull/631

   (no comment)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1246201219


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   Great, then I will proceed with the merge and start working on the draft.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on PR #631:
URL: https://github.com/apache/tomcat/pull/631#issuecomment-1610892466

   If there are no objections, I will merge this week.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on PR #631:
URL: https://github.com/apache/tomcat/pull/631#issuecomment-1612776954

   Merged manually.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["markt-asf (via GitHub)" <gi...@apache.org>]

markt-asf commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244833991


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244891581


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   
   Correct, that is a problem. I didn't now what features are available to make this happen. Let me look into the mention files.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244995761


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > > > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   > > 
   > > 
   > > @markt-asf While looking into this, I understand how the system works how `classpath:` is registered with the JVM, hoping that it will use the webapp's classpath, but I fail to see how to provide the `Context` to `org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it. Any pointers I could evaluate? I could of course first look into servlet context and then if not found pass to the `ConfigFileLoader`... (chaining basically)
   > 
   > Ok, so since the multiple location options are useful, then you can use the configuration source instead of the last fallback after checking for the webapp: prefix (I would argue "ok keep this one, but the other classpath prefix is then overkill"). The configuration source is a server level setting and so would have trouble accessing the Context object itself.
   
   Right, this is exactly what I do not. Let me also update the docs and push the branch.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o closed pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o closed pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
URL: https://github.com/apache/tomcat/pull/631


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244890559


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > In the specific case of this feature, it seems the only "real" location that makes sense would be the default one anyway. So I would simply remove the option to have it in random places and be done with it.
   
   I disagree, see my explanation below.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on PR #631:
URL: https://github.com/apache/tomcat/pull/631#issuecomment-1611007682

   > I like the idea of exposing this feature. I'm somewhat surprised that it isn't part of the specification but, unless I am reading the XSDs incorrectly, the spec only defines role-mapping on a per Servlet basis which seems odd to me.
   
   Correct and I consider the per-Servlet one as unusable if you have tens of them.
   
   > I'm not convinced an extra file configuration is necessary. This looks like something that could be a nested element in the context.xml file and implemented with an extra digester rule.
   
   Both should be possible because the file could be in the classpath which contains more than just the mapping. Just being int he context.xml it not available to the actual application, but just some Tomcat. In a future revision the source could be done flexible. At least in my usecase, having it in context.xml would force me to duplicate the mapping and that is unacceptable.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["rmaucher (via GitHub)" <gi...@apache.org>]

rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244989146


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   > 
   > @markt-asf While looking into this, I understand how the system works how `classpath:` is registered with the JVM, hoping that it will use the webapp's classpath, but I fail to see how to provide the `Context` to `org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it. Any pointers I could evaluate? I could of course first look into servlet context and then if not found pass to the `ConfigFileLoader`... (chaining basically)
   
   Ok, so since the multiple location options are useful, then you can use the configuration source instead of the last fallback after checking for the webapp: prefix (I would argue "ok keep this one, but the other classpath prefix is then overkill"). The configuration source is a server level setting and so would have trouble accessing the Context object itself.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245197279


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > Ok. I tried to find a spot to add a new call in the configuration source for a "public Resource getResource(Context context, String name)" but IMO this doesn't add anything and also there's no ideal spot for that.
   
   Correct, I would consider improving the `ConfigurationSource` a separate discussion which should not be solved here. If the class is being improved, I'd be happy to skim this class after that.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244891581


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   
   Correct, that is a problem. I didn't know what features are available to make this happen. Let me look into the mention files.



##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   
   Correct, that is a problem. I didn't know what features are available to make this happen. Let me look into the mentioned classes and try to rewrite it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["rmaucher (via GitHub)" <gi...@apache.org>]

rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244881448


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   In the specific case of this feature, it seems the only "real" location that makes sense would be the default one anyway. So I would simply remove the option to have it in random places and be done with it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244917856


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   
   @markt-asf While looking into this, I understand how the system works how `classpath:` is registered with the JVM, hoping that it will use the webapp's classpath, but I fail to see how to provide the `Context` to `org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it. Any pointers I could evaluate? I could of course first look into servlet context and then if not found pass to the `ConfigFileLoader`... (chaining basically)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on PR #631:
URL: https://github.com/apache/tomcat/pull/631#issuecomment-1611149722

   @rmaucher @markt-asf Incorporated your comments. Please have a look again.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["rmaucher (via GitHub)" <gi...@apache.org>]

rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245631182


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   After thinking about it for a bit, adding a helper method to the Context interface seemed like the way to go to me. This is helpful to allow more flexibility on location of configs that can be bundled in the webapp, and also it makes the ConfigurationSource API a bit more visible.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244917856


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   > This creates a new scheme for naming configuration files. It should instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending to include web application relative resources as they currently only support absolute file, files relative to $CATALINA_BASE, classpath and URI.
   
   @markt-asf While looking into this, I understand how the system works how `classpath:` is registered with the JVM, hoping that it will use the webapp's classpath, but I fail to see how to provide the `Context` to `org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it. Any pointers I could evaluate? I could of course first look into servlet context and then if not found pass to the `ConfigFileLoader`...



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["michael-o (via GitHub)" <gi...@apache.org>]

michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245695672


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   I see what you are after:
   `public Resource org.apache.catalina.Context#getResource(String)` which will probe for `webapp:` and the delegate to `ConfigFileLoader`?
   
   I will happily add this, but it should be a separate PR after this one. Then when the new PR is done, I can modify this listener and it will be its first use case. Is that OK for you?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["rmaucher (via GitHub)" <gi...@apache.org>]

rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245704486


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   Of course, this is a minor detail.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file

["rmaucher (via GitHub)" <gi...@apache.org>]

rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245185858


##########
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##########
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file.
+ * <p>
+ * This listener must only be nested within {@link Context} elements.
+ * <p>
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ * <p>
+ * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+    private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+    private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+

Review Comment:
   Ok. I tried to find a spot to add a new call in the configuration source for a "public Resource getResource(Context context, String name)" but IMO this doesn't add anything and also there's no ideal spot for that.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org