Bug 63636 - Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()
Summary: Context#findRoleMapping() never called in StandardWrapper#findSecurityReferen...
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.43
Hardware: All All
: P2 major (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Depends on:
Blocks: 55477
  Show dependency tree
Reported: 2019-08-05 13:39 UTC by Michael Osipov
Modified: 2019-08-12 22:27 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2019-08-05 13:39:08 UTC
When a realm is declared within a context (context.xml) one can add role mappings with Context#addRoleMapping(). Unfortunately, these mappings are never queried when RealmBase#hasRole() is called. This should be done after  Wrapper#findSecurityReference() has been called.

This crucial when application developers use symbolic role names, but your backend store uses cryptic names like DNs or securiy IDs from Active Directory.

I have a working private patch which I will enrich with tests and will create a PR for it.
Comment 1 Michael Osipov 2019-08-12 14:13:07 UTC
The change has been moved to StandardWrapper#findSecurityReference() as agreed in the PR discussion in GitHub.
Comment 2 Michael Osipov 2019-08-12 22:27:39 UTC
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.97 onwards