Implement a Tomcat Realm with LDAP authentication and JDBC authorization

Question

I\'m working in a legacy environment where an LDAP server is used only for authentication and contains no roles, and authorization is done against a database which contains

Answer 1

You haven't specified the version of Tomcat you're using, so I'm going with 6.x here.

It looks like you're delegating hasResourcePermission to JDBC while leaving both findSecurityConstraints and hasUserDataPermission in hands of JNDI. You should delegate all of them or none of them.

Update: JNDIRealm calls protected getRoles(DirContext, User) as part of its authenticate() method. You need to override that and forward it to JDBCRealm's getRoles().