tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jérôme Delattre" <>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Tue, 23 Sep 2008 19:18:21 GMT
>> If I remember well the <security-role-ref> just creates an alias on an
>> existing <security-role> for servlets.
>> It's not related to the mapping between my "system" groups and the
>> application roles.
> O.k., I'm confused.  Isn't an alias just what you need to do the mapping from any role
names used internally in your webapp to the roles (groups) obtained from the LDAP server?

Yes an alias is what I need :-)
But <security-role-ref> is not done for that (unless I missed something).

            mgr <!-- name used by servlet -->
            manager <!-- name used in deployment descriptor -->



the servlet secret can call isUserInRole("mgr") or
isUserInRole("manager") -- they will give the same behavior.
Basically, security-role-ref acts to create an alias, but isn't


What I am looking for is more a security role mapping descriptor or
Like one can do in SunAS:


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message