tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub 1983 <jjaku...@gmail.com>
Subject Re: security-role-ref doesn't work
Date Sun, 21 Apr 2013 12:08:07 GMT
Mark,
thank you very much for your clarification,

regards
Jakub

ps
anybody else interested in this topic can see here:
http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html
http://docs.oracle.com/javaee/5/tutorial/doc/bncba.html#bncbb




On Fri, Apr 19, 2013 at 11:30 PM, Mark Thomas <markt@apache.org> wrote:

> On 19/04/2013 21:47, Mark Thomas wrote:
> > On 19/04/2013 21:37, Propes, Barry L wrote:
> >> What version are you using?
> >>
> >>  Mine doesn't contain this attribute pair at all...
> >>
> >> <security-role-ref>
> >> </security-role-ref>
> >
> > The version being used is irrelevant. <security-role-ref> is only valid
> > inside a <servlet> element.
> >
> > There might still be a bug here - I'm currently looking at the source to
> > check - but it isn't the bug the OP thinks they have found.
>
> Digging in to this Tomcat's behaviour is specification compliant.
> <security-role-ref> are only intended to work with a specific Servlet
> and only with calls to isUserInRole(). However, that means there are
> various places where it would be helpful to do a role mapping where it
> is not currently possible. I have started a discussion on the dev list
> about how to handle this. It will probably move to the Servlet EG unless
> I have missed something obvious.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message