Posted to users@tomcat.apache.org by Tobias Illik <pi...@hdm-stuttgart.de> on 2006/02/01 10:06:05 UTC

mapping of web-app roles to principals authenticated against JDBCRealm (compared to in sun-web.xml)

Hi,

I am trying to work out how exactly I map Tomcat Users/Groups
(defined in a JDBCRealm) to security roles, which are defined in my web
application deployment descriptor.

I am trying to understand the following in the context of form-based login:

As the tomcat administrator, I have no knowledge of whatever web
application might have to be deployed to my application server in
future. In my JDBCRealm, I have users which are categorized in groups.

On the other side, web application developers should not have to care
about what user categories are configured on the server. They define
roles for their web applications and restrict access to resources by
security constraints à la "principals which are assigned this role, are
authorized to access this URL-pattern.."

So, when a web application gets deployed to my Container, I want to map 
those application specific roles to the user groups or just to single 
users which I have in my JDBCRealm.

For the SUN Application Server, there seems to be a separate deployment
descriptor (sun-web.xml) for this reason:

<sun-web-app>
<context-root>/theapp</context-root>
	
	<security-role-mapping>
		<role-name>ADMIN</role-name>
		<principal-name>randy</principal-name>
		<principal-name>amanda</principal-name>
	</security-role-mapping>

	<security-role-mapping>
		<role-name>USER</role-name>
		<group-name>tomcatusergroup</group-name>
	</security-role-mapping>
</sun-web-app>


The role names there are those from the web.xml security constraints, like

<security-role>
	   <role-name>ADMIN</role-name>
</security-role>

The <principal-name> is a user which is stored in my JDBCRealm, and the
<group-name> is a group of users there.

How can I establish this link/mapping in Tomcat?

Many Thanks,
Tobi


Re: mapping of web-app roles to principals authenticated against JDBCRealm (compared to in sun-web.xml)

Posted by Mark Thomas <ma...@apache.org>.
Tobias Illik wrote:
<snip>
> How can I establish this link/mapping in Tomcat?

It has to be performed in web.xml

Mark
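
What doing the mapping in web.xml looks like, as an added example that is not part of either post: the role named in `<auth-constraint>` has to equal a role name the JDBCRealm returns for the user, and `<security-role-ref>` links a role name used in servlet code to it. The realm role `tomcatusergroup`, the servlet, the URL pattern and the login page paths are assumptions made for illustration.

```xml
<!-- WEB-INF/web.xml (fragment). Added illustration; all names are assumptions. -->
<web-app>
  <servlet>
    <servlet-name>report</servlet-name>                      <!-- hypothetical servlet -->
    <servlet-class>com.example.ReportServlet</servlet-class> <!-- hypothetical class -->
    <!-- The servlet code calls isUserInRole("USER"). The role-link resolves
         that application-side name to the security-role declared below. -->
    <security-role-ref>
      <role-name>USER</role-name>
      <role-link>tomcatusergroup</role-link>
    </security-role-ref>
  </servlet>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Compared against the role names the realm returns for the
           authenticated user (assumed here to include "tomcatusergroup"). -->
      <role-name>tomcatusergroup</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>       <!-- hypothetical page -->
      <form-error-page>/login-error.jsp</form-error-page> <!-- hypothetical page -->
    </form-login-config>
  </login-config>

  <!-- Declares the role used in the constraint and the role-link above. -->
  <security-role>
    <role-name>tomcatusergroup</role-name>
  </security-role>
</web-app>
```

The standard web.xml has no counterpart to the `<principal-name>` element of sun-web.xml, so granting a role to a single user is done by assigning that role to the user in the realm's data.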

