https://bz.apache.org/bugzilla/show_bug.cgi?id=63636
Bug ID: 63636
Summary: Context#findRoleMapping() never called in
RealmBase#hasRole()
Product: Tomcat 8
Version: 8.5.43
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
When a realm is declared within a context (context.xml) one can add role
mappings with Context#addRoleMapping(). Unfortunately, these mappings are never
queried when RealmBase#hasRole() is called. This should be done after
Wrapper#findSecurityReference() has been called.
This crucial when application developers use symbolic role names, but your
backend store uses cryptic names like DNs or securiy IDs from Active Directory.
I have a working private patch which I will enrich with tests and will create a
PR for it.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
