Posted to users@tomcat.apache.org by "Joseph Benjie C. Fabula" <jb...@adb.org> on 2003/03/11 10:41:51 UTC

Re: SingleSignOn with the Same Role Names [Correction]

Correction on last sentence.



From:     "Joseph Benjie C. Fabula" <jbfabula@adb.org>
To:       tomcat-user@jakarta.apache.org
cc:
Subject:  SingleSignOn with the Same Role Names
Date:     03/11/2003 05:25 PM
Please respond to "Tomcat Users List"




A quick thanks to the ASF and community in helping us build web apps using
open-source technology.
----------------------------------------------------------------------------------------------------


Encountered a minor problem with regard to deployment of webapp contexts
using the SingleSignOn Valve in Tomcat 4.0.3/4.0.4/4.0.6.

I have 5 applications built on Struts that reuse different modules
depending on the user requirements.  I have deployed the apps using a single
doc base, e.g.

     <code>
          <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="3" />
          <Context path="/context1" docBase="maindoc" crossContext="true" useNaming="true">
               <Realm className="customLDAP" ... />
          </Context>
          <Context path="/context2" docBase="maindoc" crossContext="true" useNaming="true">
               <Realm className="customLDAP" ... />
          </Context>
     </code>

Each of the contexts:
1.  uses a mapped role name, e.g. admin, manager, editor, viewer, etc., from
LDAP.
2.  Some users have permission to particular URIs in context1 and some
do not have in context2 and so on, as defined in web.xml.
3.  uses form-based login following the "j_security_check" spec.

I have noticed, however, that the Principal as taken from
request.getPrincipal() is not refreshed if I move from one context to
another either through a GET or POST -- it still has the Principal from
the first context.  I have tried nesting the ..authenticator.FormAuthenticator
with cache="false" on each context, but to no avail.

If I modify the mapped role names to be specific to a context, e.g.
admin-context1, admin-context2, and change the web.xml security descriptors
accordingly -- request.getPrincipal() becomes null.

Any ideas?



Thanks.







---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org





