tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jérôme Delattre" <>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Tue, 23 Sep 2008 16:39:38 GMT
>> I do not want to add groups in the LDAP server, but to map existing
>> ones to the roles defined in my web application instead.
> Perhaps you can use the <security-role-ref> declaration; look in section 12 of
the servlet spec.

If I remember well the <security-role-ref> just creates an alias on an
existing <security-role> for servlets.
It's not related to the mapping between my "system" groups and the
application roles.

The section 12.4 of the servlet spec says :

"A security role is a logical grouping of users defined by the
Application Developer
or Assembler.When the application is deployed, roles are mapped by a Deployer to
principals or groups in the runtime environment."

That's exactly what I am looking for.
Something like:
<user username="john" password="doe" roles="role1,role2"/>
In the tomcat-users.xml file but for my LDAP realm.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message