You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/01/20 16:18:03 UTC

DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16253>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16253

Security roles in web.xml do not work with IIS

nacho@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |REMIND



------- Additional Comments From nacho@apache.org  2003-01-20 15:18 -------
The idea was to use NT UserGroups as Roles, but never reached to conclusion, 
that is to read that Info gathered from Native-NT at Java Land ( they are 
transmited to tomcat over the wire but tomcat doenst get them from the AJP13 
packet), and use them as roles... Maybe you were the next person after me who 
needed this :)..

Unfortunately my tomcat time has reached 0 lately, i'll be unable to complete 
that feature in a timely fashion, ( we dont use Tomcat anymore for our Daily 
job sooooo, sorry :)

patches are welcomed :), thought ..

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)

Posted by Ari Suutari <ar...@syncrontech.com>.

Hi,

>
> Security roles in web.xml do not work with IIS

	Btw, I guess that it is impossible to use roles
	when one has apache as front end also.

> ------- Additional Comments From nacho@apache.org  2003-01-20 15:18 -------
> The idea was to use NT UserGroups as Roles, but never reached to
> conclusion, that is to read that Info gathered from Native-NT at Java Land
> ( they are transmited to tomcat over the wire but tomcat doenst get them
> from the AJP13 packet), and use them as roles...

	I already wrote a Jk2Realm, which was supposed to check that
	if request role is one of the groups transmitted from native side
	(the groups are in
	 HttpServletRequest.getAttribute("org.apache.tomcat.jk.roles"))
	but then I noticed that servlet request is not available in Realm.hasRole.

	So, maybe the right approach would be to add role information
	into CoyotePrincipal and just check against that in my Jk2Realm ?

	Also, to make my Jk2Realm to work I had to modify mbeans-descriptors.xml
	under catalina - which didn't feel right because the Jk2Realm 
	kind of belongs to jakarta-connectors, doesn't it ?

	I'm willing to make this work but as you can see, I need some
	ideas how to proceeed.

		Ari Suutari / Syncron Tech Oy
		Lappeenranta, Finland

	

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>