tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jérôme Delattre" <jer...@delattre.org>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Wed, 08 Oct 2008 19:45:15 GMT
2008/10/8 Caldarale, Charles R <Chuck.Caldarale@unisys.com>
>
> > From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
> > Subject: Re: JNDIRealm - mapping LDAP group to security role
> >
> > have you thought about adding an extra attribute to the
> > groups, so that the mapping is done by a normal ldap query?
>
> Even that's not necessary.  The servlet security model already has a built-in mapping
capability (<security-role-ref>) that can be used to convert LDAP or other database
values to the roles declared in the web.xml file.
>
>  - Chuck

<security-role-ref> is a servlet attribute.
What should I do with it? add the same <security-role-ref> for each
LDAP group to all my Servlets? sound strange...
And what happens if I call request.isUserInRole(myLDAPGroup) anywhere
outside a declared Servlet?

Jerome

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message