Implemented TomcatRolesPrincipalProvider #314
Closed
Submitting this as a PR to start the conversation. Not sure if this is enough or whether more is needed.
The use case as I understand it... we want to be able to configure roles in the Tomcat tomcat-users.xml file that will be treated as principals for access to resources. A sample tomcat-users.xml file might look like:
With this TomcatRolesPrincipalProvider class, access to a FF4 object can be given to the aic-scraper role (as a principal):
And the fcindexer will not be able to access the object. When the aic-scraper role is added to the fcindexer user, though:
the fcindexer will then be able to access that object.
This is tested with Tomcat 7... if my understanding of the needs of this ticket is correct, I can check to see what versions of Tomcat (6, etc.) are handled by it, or whether more code is needed to support them.
I'm also not quite sure how to write tests for this since it's a container-specific thing (i.e., checks a Catalina class that won't be found in our Jetty dev environment). As you can see in the code, reflection is used to avoid container-specific dependencies.
Awaiting feedback for possible revisions... thanks.
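
An added example, not code from this pull request: one way to read roles off a container principal by reflection, with a stub class so the logic can be exercised outside Tomcat. It assumes the container principal exposes a public `getRoles()` returning `String[]`, as Tomcat's `org.apache.catalina.realm.GenericPrincipal` does; `rolesOf`, `RolesByReflection` and `StubContainerPrincipal` are hypothetical names, and the role list is constructed.

```java
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

public class RolesByReflection {

    // Constructed stand-in for a container principal; only its shape matters here.
    public static final class StubContainerPrincipal implements Principal {
        private final String name;
        private final String[] roles;
        public StubContainerPrincipal(String name, String... roles) {
            this.name = name;
            this.roles = roles;
        }
        @Override public String getName() { return name; }
        public String[] getRoles() { return roles.clone(); }
    }

    // Returns role names only when the principal is exactly the expected class.
    // Anything else yields no roles, so an unrecognised container grants nothing.
    static Set<String> rolesOf(Principal p, String expectedClassName) {
        if (p == null || !p.getClass().getName().equals(expectedClassName)) {
            return Collections.emptySet();
        }
        try {
            Method m = p.getClass().getMethod("getRoles");
            Object result = m.invoke(p);
            if (!(result instanceof String[])) {
                return Collections.emptySet();
            }
            Set<String> roles = new LinkedHashSet<>();
            for (String r : (String[]) result) {
                if (r != null && !r.isEmpty()) roles.add(r);
            }
            return roles;
        } catch (ReflectiveOperationException | SecurityException e) {
            return Collections.emptySet(); // fail closed: no roles on any reflection error
        }
    }

    public static void main(String[] args) {
        Principal user = new StubContainerPrincipal("fcindexer", "some-other-role", "aic-scraper");
        // Matching class name: the roles are returned as principals to check.
        System.out.println(rolesOf(user, StubContainerPrincipal.class.getName()));
        // Non-matching class name (e.g. running under another container): empty set.
        System.out.println(rolesOf(user, "org.apache.catalina.realm.GenericPrincipal"));
    }
}
```

Pinning the expected class name keeps an arbitrary object that happens to expose `getRoles()` from contributing principals, and the stub lets the same code path be unit-tested in a Jetty-based build.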