tomcat-users mailing list archives

From "Jérôme Delattre" <jer...@delattre.org>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Tue, 23 Sep 2008 19:18:21 GMT
>> If I remember well the <security-role-ref> just creates an alias on an
>> existing <security-role> for servlets.
>> It's not related to the mapping between my "system" groups and the
>> application roles.
>
> O.k., I'm confused.  Isn't an alias just what you need to do the mapping from any role
> names used internally in your webapp to the roles (groups) obtained from the LDAP server?
>

Yes, an alias is what I need :-)
But <security-role-ref> is not done for that (unless I missed something).
Quoting: http://java.sun.com/developer/technicalArticles/Servlets/servletapi2.3/

<servlet>
    <servlet-name>
        secret
    </servlet-name>
...
    <security-role-ref>
        <role-name>
            mgr <!-- name used by servlet -->
        </role-name>
        <role-link>
            manager <!-- name used in deployment descriptor -->
        </role-link>
    </security-role-ref>
</servlet>

...

<security-role>
    <role-name>
        manager
    </role-name>
</security-role>

the servlet secret can call isUserInRole("mgr") or
isUserInRole("manager") -- they will give the same behavior.
Basically, security-role-ref acts to create an alias, but isn't
necessary.

/Quote

What I am looking for is more a security role mapping descriptor or
configuration.
Like one can do in SunAS:

<security-role-mapping>
    <role-name>myapprole</role-name>
    <group-name>myldapgroup</group-name>
</security-role-mapping>
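
Added example, not part of the original message and not Tomcat's code: a simplified Python model of the per-servlet alias resolution described in the quoted article, plus a check for `role-link` values that name no declared `<security-role>`. Assumptions: the descriptor has no XML namespace, and the `ops`/`operator` reference and the realm role sets are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor, modelled on the fragment quoted in the message.
WEB_XML = """
<web-app>
  <servlet>
    <servlet-name>secret</servlet-name>
    <security-role-ref>
      <role-name>mgr</role-name>
      <role-link>manager</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>ops</role-name>
      <role-link>operator</role-link>
    </security-role-ref>
  </servlet>
  <security-role><role-name>manager</role-name></security-role>
</web-app>
"""

def _text(elem, tag):
    # Names are often wrapped in whitespace, as in the quoted article.
    return (elem.findtext(tag) or "").strip()

def load(xml_text):
    """Return ({servlet: {alias: linked role}}, {declared security roles})."""
    root = ET.fromstring(xml_text)
    declared = {_text(r, "role-name") for r in root.findall("security-role")}
    refs = {}
    for s in root.findall("servlet"):
        refs[_text(s, "servlet-name")] = {
            _text(r, "role-name"): _text(r, "role-link")
            for r in s.findall("security-role-ref")}
    return refs, declared

def dangling_links(refs, declared):
    """(servlet, alias, link) triples whose link names no <security-role>."""
    return sorted((s, a, l) for s, m in refs.items()
                  for a, l in m.items() if l not in declared)

def is_user_in_role(refs, servlet, name, realm_roles):
    """Resolve the servlet-local alias, then compare with the realm's roles."""
    return refs.get(servlet, {}).get(name, name) in realm_roles

if __name__ == "__main__":
    refs, declared = load(WEB_XML)
    realm_roles = {"manager"}  # constructed: roles the realm returned for a user
    print(is_user_in_role(refs, "secret", "mgr", realm_roles))
    print(is_user_in_role(refs, "secret", "manager", realm_roles))
    print(dangling_links(refs, declared))
```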
