From: Tobias Illik
Organization: Hochschule der Medien
Date: Wed, 01 Feb 2006 10:06:05 +0100
To: users@tomcat.apache.org
Message-ID: <43E079FD.3060003@hdm-stuttgart.de>
Subject: mapping of web-app roles to principals authenticated against JDBCRealm (compared to in sun-web.xml)

Hi,

I am trying to work out how exactly I map Tomcat users/groups (defined in a JDBCRealm) to security roles, which are defined in my web application deployment descriptor.

I am trying to understand the following in the context of form-based login:

As the Tomcat administrator, I have no knowledge of whatever web application might have to be deployed to my application server in future. In my JDBCRealm, I have users which are categorized in groups.

On the other side, web application developers should not have to care about what user categories are configured on the server. They define roles for their web applications and restrict access to resources by security constraints à la "principals which are assigned this role, are authorized to access this URL-pattern.."

So, when a web application gets deployed to my container, I want to map those application-specific roles to the user groups or just to single users which I have in my JDBCRealm.

For the SUN Application Server, there seems to be a separate deployment descriptor (sun-web.xml) for this reason:

/theapp ADMIN randy amanda USER tomcatusergroup

The role names there are those from the web.xml security constraints, like ADMIN

The is a user which is stored in my JDBCRealm, and the is a group of users there.

How can I establish this link/mapping in Tomcat?

Many Thanks,
Tobi
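
The role-to-principal indirection described in the message above, modelled as an added example that is not part of the original post. The descriptor uses the element names of Sun's sun-web.xml format with the values quoted in the message; the realm table (including the users carol and dave and the group guests) is constructed, and the Python model stands in for the container's lookup, not for any Tomcat API.

```python
import xml.etree.ElementTree as ET

# sun-web.xml in the shape the post describes; values are the post's, the
# element names are those of Sun's sun-web.xml descriptor.
SUN_WEB_XML = """
<sun-web-app>
  <context-root>/theapp</context-root>
  <security-role-mapping>
    <role-name>ADMIN</role-name>
    <principal-name>randy</principal-name>
    <principal-name>amanda</principal-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>USER</role-name>
    <group-name>tomcatusergroup</group-name>
  </security-role-mapping>
</sun-web-app>
"""

# Constructed stand-in for the realm's user -> groups table.
REALM_GROUPS = {
    "randy": {"tomcatusergroup"},
    "amanda": set(),
    "carol": {"tomcatusergroup"},
    "dave": {"guests"},
}

def load_mappings(xml_text):
    """Return {role: (principal names, group names)} from the descriptor."""
    root = ET.fromstring(xml_text)
    mappings = {}
    for m in root.iter("security-role-mapping"):
        role = m.findtext("role-name").strip()
        users, groups = mappings.setdefault(role, (set(), set()))
        users.update(e.text.strip() for e in m.findall("principal-name"))
        groups.update(e.text.strip() for e in m.findall("group-name"))
    return mappings

def roles_for(user, mappings, realm_groups=REALM_GROUPS):
    """Application roles a realm user holds; unknown users get none."""
    if user not in realm_groups:
        return set()
    member_of = realm_groups[user]
    return {role for role, (users, groups) in mappings.items()
            if user in users or member_of & groups}

if __name__ == "__main__":
    for u in sorted(REALM_GROUPS):
        print(u, sorted(roles_for(u, load_mappings(SUN_WEB_XML))))
```

A user in a group that no mapping names (dave here) ends up with no application role, so every security constraint in the web.xml denies that user by default.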