tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: security-role-ref doesn't work
Date Fri, 19 Apr 2013 21:30:36 GMT
On 19/04/2013 21:47, Mark Thomas wrote:
> On 19/04/2013 21:37, Propes, Barry L wrote:
>> What version are you using?
>>  Mine doesn't contain this attribute pair at all...
>> <security-role-ref> 
>> </security-role-ref>
> The version being used is irrelevant. <security-role-ref> is only valid
> inside a <servlet> element.
> There might still be a bug here - I'm currently looking at the source to
> check - but it isn't the bug the OP thinks they have found.

Digging in to this Tomcat's behaviour is specification compliant.
<security-role-ref> are only intended to work with a specific Servlet
and only with calls to isUserInRole(). However, that means there are
various places where it would be helpful to do a role mapping where it
is not currently possible. I have started a discussion on the dev list
about how to handle this. It will probably move to the Servlet EG unless
I have missed something obvious.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message