From: Mohamed Shah
To: Tomcat Users List
Date: Thu, 6 Aug 2009 14:10:00 +0300
Subject: RE: Mapping role names to groups

I THINK IT'S POSSIBLE. But when you are fine with weblogic, is there any specific reason to use tomcat?

-----Original Message-----
From: Jason Royals [mailto:tomcat-mailinglist@fragstealers.com]
Sent: Thursday, August 06, 2009 4:32 PM
To: users@tomcat.apache.org
Subject: Mapping role names to groups

Hello Tomcatters,

Consider the following scenario. I have a Java web application, and it is a packaged, commercial application; I may not change it. In fact, I don't have the source so I couldn't even if I wanted to.

The application declares two roles in web.xml - "users" and "admins". In our corporate environment, those role names are far too generic to be group names in our LDAP repository. The groups in LDAP are called SG-FooBar-Users and SG-FooBar-Admins. We expect to map these real group names to the roles declared in the web.xml.

We have this running currently on Weblogic, and to map the roles to groups, we have a Weblogic configuration as follows (in weblogic.xml)

....
users SG-FooBar-Users
admins SG-FooBar-Admins
....

Websphere, JBoss, Geronimo, Glassfish etc. all seem to offer similar features in their container-specific configurations.

How can I achieve the same result in Tomcat, remembering I cannot change the application, and I cannot change the groups or the LDAP repository (which has hundreds of thousands of users and groups)? Is it even possible with Tomcat?

Thanks,
Jason

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org