tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ilya Kazakevich" <>
Subject Mapping security role outside of servlet specification
Date Wed, 05 Jun 2013 11:42:49 GMT

I use "probe" app for several tomcats.
It's security model is based on servlet API security: security roles and
constraints are provided in web.xml and mapped for each servlet it has.
I use JNDIRealm to authenticate users via LDAP (actually AD is used).
I want to grant access to Probe on "Tomcat1' installation for people from
"Group1"  and to "Tomcat2" to people from "Group2".
But "manager" group is hard-coded in web.xml inside of probe!

I want to map group "Group1" from LDAP realm to role "manager" in tomcat.
How can I do that?
I can't use "security-role-ref" because I should put in <servlet> tag, so I
do that on tomcat level.
There is " security-role-mapping" tag in some servers but  it is proprietary
and not supported by tomcat.

So the only way for me to extract .war file and patch web.xml.

What is the best way to solve it?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message