When a realm is declared within a context (context.xml) one can add role mappings with Context#addRoleMapping(). Unfortunately, these mappings are never queried when RealmBase#hasRole() is called. This should be done after Wrapper#findSecurityReference() has been called. This crucial when application developers use symbolic role names, but your backend store uses cryptic names like DNs or securiy IDs from Active Directory. I have a working private patch which I will enrich with tests and will create a PR for it.
The change has been moved to StandardWrapper#findSecurityReference() as agreed in the PR discussion in GitHub.
Fixed in: - master for 9.0.23 onwards - 8.5.x for 8.5.44 onwards - 7.0.x for 7.0.97 onwards
Fixed in: - master for 10.0.0-M5 and onwards - 9.0.x for 9.0.35 and onwards - 8.5.x for 8.5.55 and onwards - 7.0.x for 7.0.104 and onwards
(In reply to Michael Osipov from comment #3) > Fixed in: > - master for 10.0.0-M5 and onwards > - 9.0.x for 9.0.35 and onwards > - 8.5.x for 8.5.55 and onwards > - 7.0.x for 7.0.104 and onwards That was nonsense, wrong BZ issue.