tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "A. Weinert" <>
Subject Re: Default Role in Realms
Date Sat, 20 Sep 2008 09:22:52 GMT
Rainer Jung schrieb:
> I added an optional configurable default role to the JNDIRealm.
> That's useful, if you only want to authenticate the users (password check).
> I could as well add it to most of the other Realms, but I'm wondering, 
> if it would make more sense to introduce an additional getRoles to 
> RealmBase, which returns the default role if configured and can be 
> included in the getRoles already present in most of the Realm 
> implementations.
> Thoughts?
> Regards,
> Rainer

Im my opinion a most useful feature,
as itreally is in ADweRealm (see
) for Active Directory.

Active Directory (AD) lists certain default group memberships not
explicitely. So an user account, who is just "Domänen-Benutzer",
would get authentication but no roles and hence no Tomcat
rights w/o such a default role feature.

But I'm not sure if a change to the base class (RealmBase) is much help.
To use ADweRealm again as an example, it implements a primitive way
of Realm Chaining (badly needed with AD and missed in Tomcat). Here the
default role signals which Realm the user got her authentication from.
Under this aspect a base class implementation of the default role
feature would only make sense if the Realm Chaining feature would be
implemented there as well.

Best regards Albrecht

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message