-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Carl Howells wrote:
| Is it possible to set the Principal and Roles for a session in a manner
| which will satisfy a <role-name> security constraint programmatically?
| At all? I don't mind ignoring the servlet spec and doing something
| tomcat-specific. This is something that vitally needs to be done on my
| project.
|
| Thanks for any solutions...
I did it by writing a filter that wrapped the incoming
HttpServletRequest with a HttpServletRequestWrapper if the client's
session contained a token placed there when they logged in. The token
is a subclass of
java.security.Principal, and the
HttpServletRequestWrapper overrides the getRemoteUser() isUserInRole()
and getUserPrincipal() methods.
HTH,
Victor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAvTDt8MW+BaXrmuERAv/KAJ9Jq3XpjNZr3ixbbjm0GozngFc56gCfcsai
xukh2MxbvHzV8JMI9r1lWdc=
=0dYP
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
