tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Illik <>
Subject mapping of web-app roles to principals authenticated against JDBCRealm (compared to <security-role-mapping> in sun-web.xml)
Date Wed, 01 Feb 2006 09:06:05 GMT

   I am trying to work out, how exactly I map Tomcat Users/Groups
(defined in a JDBCRealm) to security roles, which are defined in my web
application deployment descriptor.

I am trying to understand the following in the context of formbased login:

As the tomcat administrator, I have no knowledge of whatever web
application might have to be deployed to my application server in
future. In my JDBCRealm, I have users which are categorized in groups.

On the other side, web application developers should not have to care
about what user categories are configured on the server. They define
roles for their web applications and restrict access to resources by
security constraints à la "principals which are assigned this role, are
authorized to access this URL-pattern.."

So, when a web application gets deployed to my Container, I want to map 
those application specific roles to the user groups or just to single 
users which I have in my JDBCRealm.

For the SUN Application Server, there seems to be a sperate deployment
descriptor (sun-web.xml) for this reason:



The role names there, are those from the web.xml security constraints, like


The <principal-name> is a user which is stored in my JDBCRealm, and the
<group-name> is a group of users there.

How can I establish this link/mapping in Tomcat?

Many Thanks,

View raw message