You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/01/20 16:18:03 UTC
DO NOT REPLY [Bug 16253] -
Security roles in web.xml do not work with IIS
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16253>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16253
Security roles in web.xml do not work with IIS
nacho@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |REMIND
------- Additional Comments From nacho@apache.org 2003-01-20 15:18 -------
The idea was to use NT UserGroups as Roles, but never reached to conclusion,
that is to read that Info gathered from Native-NT at Java Land ( they are
transmited to tomcat over the wire but tomcat doenst get them from the AJP13
packet), and use them as roles... Maybe you were the next person after me who
needed this :)..
Unfortunately my tomcat time has reached 0 lately, i'll be unable to complete
that feature in a timely fashion, ( we dont use Tomcat anymore for our Daily
job sooooo, sorry :)
patches are welcomed :), thought ..
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)
Posted by Ari Suutari <ar...@syncrontech.com>.
Hi,
>
> Security roles in web.xml do not work with IIS
Btw, I guess that it is impossible to use roles
when one has apache as front end also.
> ------- Additional Comments From nacho@apache.org 2003-01-20 15:18 -------
> The idea was to use NT UserGroups as Roles, but never reached to
> conclusion, that is to read that Info gathered from Native-NT at Java Land
> ( they are transmited to tomcat over the wire but tomcat doenst get them
> from the AJP13 packet), and use them as roles...
I already wrote a Jk2Realm, which was supposed to check that
if request role is one of the groups transmitted from native side
(the groups are in
HttpServletRequest.getAttribute("org.apache.tomcat.jk.roles"))
but then I noticed that servlet request is not available in Realm.hasRole.
So, maybe the right approach would be to add role information
into CoyotePrincipal and just check against that in my Jk2Realm ?
Also, to make my Jk2Realm to work I had to modify mbeans-descriptors.xml
under catalina - which didn't feel right because the Jk2Realm
kind of belongs to jakarta-connectors, doesn't it ?
I'm willing to make this work but as you can see, I need some
ideas how to proceeed.
Ari Suutari / Syncron Tech Oy
Lappeenranta, Finland
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>