0 Replies Latest reply on Jul 21, 2014 8:14 PM by Leon Rosenberg

    SPFilter + tomcat7 + idp + tomcat security -> Roles are not transmitted.

    Leon Rosenberg Newbie



      I assume that I am missing something very obvious here, but I've spent about 4 hours searching and trying and couldn't come to a solution, so maybe there is some help.

      I was following this guide: https://docs.jboss.org/author/display/PLINK/Standalone+Web+Applications%28All+Servlet+Containers%29

      I was able to connect my SP and my IDP and perform a login. I can see a user principal in the session. However, as soon as I add Tomcat security to protect some part of the application, as in the above example, it doesn't work.

      Here are the relevant parts of the web.xml (only fragments survived extraction):


                  The SP Filter intersects all requests at the SP and sees if there is a need to contact the IDP.

          <!-- Processes application requests -->

                  <web-resource-name>Manager command</web-resource-name>

                  The role that is required to log in to the Manager Application

      Whenever I try to access something under /loginarea/ I get a 403 without even coming through to the SPFilter or my code. However, from my code under other URLs I can read the user principal, and it contains the Tomcat user (from the quickstart examples). Interestingly, if I try to read the roles, it always returns null:


      Principal userPrincipal = (Principal) request.getSession().getAttribute(GeneralConstants.PRINCIPAL_ID); // returns the principal with the correct user name

      List<String> roles = (List<String>) request.getSession().getAttribute(GeneralConstants.ROLES_ID); // null


      If I remove the security-constraint I can access the app and the controller without any problems. I am using basic redirect idp from examples.
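One way to enforce the role check after SPFilter has populated the session, as an added example that is not from this post or from the PicketLink project: a servlet filter mapped to /loginarea/* and listed after SPFilter in web.xml. Tomcat evaluates a <security-constraint> before the filter chain runs, which is why the 403 appears before SPFilter or application code is reached. The GeneralConstants import package, the filter name and the init-param name are assumptions.

```java
// Added example (not from the original post): authorize inside the filter chain,
// after PicketLink's SPFilter has stored the principal and roles in the session,
// instead of relying on a web.xml <security-constraint>, which the container
// checks before any filter runs.
import java.io.IOException;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.picketlink.common.constants.GeneralConstants; // assumed package (PicketLink 2.5.x)

public class LoginAreaRoleFilter implements Filter { // hypothetical filter name
    private String requiredRole;

    @Override
    public void init(FilterConfig cfg) {
        // Assumed <init-param> "requiredRole"; "manager" is a constructed default
        requiredRole = cfg.getInitParameter("requiredRole");
        if (requiredRole == null) requiredRole = "manager";
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        Object principal = (session == null) ? null
                : session.getAttribute(GeneralConstants.PRINCIPAL_ID);
        if (principal == null) {
            // Not authenticated yet: SPFilter must be mapped before this filter
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        @SuppressWarnings("unchecked")
        List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
        // Deny by default: a null or empty role list means "no roles", never "all roles"
        if (roles == null || !roles.contains(requiredRole)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```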