john graves - 2007-05-24

I'm attempting to use CAS for authentication of several custom apps. These applications depend only on the authenticated user having an Oracle user account.  CAS has an authentication handler that appears to be perfect for my use (BindModeSearchDatabaseAuthenticationHandler), which will connect to the database using the given credentials then disconnect.  This all works.

The next step is to define privilege within the applications based on the database roles that the user has been granted within Oracle.  Instead of having a TOMCAT_USER_ROLE table that lists assigned roles per user, as in the JDBCRealm, the filter could just request the granted roles.  (i.e. "Select granted_roles from user_role_privs;" OR if not connected as the user, "Select granted_roles from dba_role_privs where grantee = '<user>';")

Has anyone here attempted this?
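One way to implement the role lookup the post proposes, as an added example that is not part of the original post or of CAS. It assumes the two Oracle data-dictionary views DBA_ROLE_PRIVS (grantee, granted_role) and ROLE_ROLE_PRIVS (role, granted_role), recreated here as constructed sample tables in an in-memory SQLite database so it runs offline; the grantee is passed as a bind variable rather than spliced into the SQL, and role-to-role grants are followed transitively, since USER_ROLE_PRIVS/DBA_ROLE_PRIVS list only directly granted roles. The APP_PRIVS mapping is a hypothetical application-side table.

```python
# Added example (not from the original post): derive application privileges
# from Oracle role grants. The Oracle views DBA_ROLE_PRIVS and ROLE_ROLE_PRIVS
# are stood in for by constructed SQLite tables so the code runs offline.
# The ":name" bind style is also accepted by cx_Oracle/python-oracledb.
import sqlite3

# Hypothetical application mapping: Oracle role -> set of application privileges.
APP_PRIVS = {
    "APP_ADMIN": {"admin", "edit", "view"},
    "APP_EDITOR": {"edit", "view"},
    "APP_VIEWER": {"view"},
}

def sample_db():
    """Constructed sample data standing in for the Oracle dictionary views."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE dba_role_privs (grantee TEXT, granted_role TEXT);
        CREATE TABLE role_role_privs (role TEXT, granted_role TEXT);
        INSERT INTO dba_role_privs VALUES ('ALICE', 'APP_ADMIN'),
                                          ('BOB', 'APP_VIEWER'),
                                          ('BOB', 'CONNECT');
        -- APP_ADMIN is itself granted APP_EDITOR, so ALICE holds it only indirectly.
        INSERT INTO role_role_privs VALUES ('APP_ADMIN', 'APP_EDITOR');
    """)
    return con

def granted_roles(con, user):
    """All roles a user holds, following role-to-role grants transitively.
    The grantee is a bind variable, never concatenated into the statement."""
    roles = set()
    todo = [r for (r,) in con.execute(
        "SELECT granted_role FROM dba_role_privs WHERE grantee = :grantee",
        {"grantee": user.upper()})]          # Oracle stores unquoted names upper-case
    while todo:
        role = todo.pop()
        if role in roles:
            continue                         # already expanded; also guards against cycles
        roles.add(role)
        todo.extend(r for (r,) in con.execute(
            "SELECT granted_role FROM role_role_privs WHERE role = :role",
            {"role": role}))
    return roles

def app_privileges(con, user):
    """Application privileges = union of the privileges of every held role."""
    privs = set()
    for role in granted_roles(con, user):
        privs |= APP_PRIVS.get(role, set())
    return privs
```

Querying DBA_ROLE_PRIVS needs a privileged dictionary account, so the connection used here should be a separate read-only lookup account, not the user's own bind credentials.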