tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Keeping user roles in different realm than users
Date Wed, 25 Sep 2013 16:59:05 GMT
attr wrote:
> Is it possible to authenticate a user against one realm (i.e.: LDAP) but authorize (obtain
roles the user belongs to) against another realm (i.e. database)?
> Any other solutions than writing an error-prone homegrown one that will allow to keep
users in one realm, user roles in the other realm and still be able to use container-managed
authentication with authorization. Best regards.Kamil

No idea about your real question.
But a note/warning : if you manage to do this, it means that in the future you will always

have to synchronise your LDAP directory with your database "roles" table, in terms of 
which user-id's are valid (new users, users leaving etc.).  That is not necessarily 
trivial in practical cases.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message