我想从 Java webapp 上下文(Servlet 容器)中获取所有用户及其角色,或者更好的是,直接查询用户及其角色。
如果您知道连接字符串,我看到有像 Apache Directory 这样的项目可以让您为 LDAP 执行此操作。但是,我想对服务于用户和角色的技术保持不可知论。
具体来说,我在 Tomcat 上,在最简单的场景中,我希望访问 a) tomcat-users.xmlb)Realm上下文中配置的任何其他用户和角色。但是,我真的在寻找一个不特定于 Tomcat 的解决方案,它是Realms.
In tomcat(or any other conytainer) (using std. Servlet API), directly accessing of user roles is not possible (without using tomcat/third party specific mechanisms). the getUserPrincipal & isUSerInRole are the two methods, access to the role list is not directly possible.
Since the API does not provision for such an access, I guess you will have to rely on other mechanisms which is container or technology specific.
As you pointed out, if the realm configured is a JNDI realm and the realm store is implemented over an LDAP, it is possible to write a servlet filter and get the roles from the LDAP and set them on session or on a thread local.