You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Bill Schneider <bs...@vecna.com> on 2005/03/07 23:31:22 UTC

group-to-role mapping

Hello,

Are any plans in the works for Tomcat to support the concept of mapping 
J2EE security-roles (as defined in web.xml) to one or more groups, where 
a group is an entity in an LDAP/RDBMS/XML security store that may be 
shared by multiple applications?

Right now, Tomcat supports a one-to-one mapping via the 
<security-role-ref> element in web.xml, but it's not clear whether 
there's a way to map a role to *multiple* shared groups... for instance, 
an "create-employee" role might be mapped to both the "HR" group and the 
"Superuser" group.

This seems to be supported in WebLogic 8.1, Oracle 9iAS/10g, and SunONE. 
  Not sure about JBoss or WebSphere.

Or am I just overlooking something simple?

-- Bill
-- 
Bill Schneider
Chief Architect

Vecna Technologies
5004 Lehigh Rd., Suite B
College Park, MD 20740
bschneider@vecna.com
t: 301-864-7253 x1140
f: 301-699-3180


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org