You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Aurélien Terrestris <at...@gmail.com> on 2017/02/14 23:04:32 UTC
Re: Mapping Multiple LDAP Groups to a J2EE Role
hi
The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1,
Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a
very same role. It's done with a security-role-ref tag, as explained by
these JSR :
**For example, to map the security role reference "FOO" to the security
role with role-name "manager" the syntax would be
<security-role-ref>
<role-name>FOO</role-name>
<role-link>manager</role-link>
</security-role-ref>
In this case, if a servlet called by a user belonging to the "manager"
security role were to call isUserInRole("FOO") the result would be true**
Of course you still need a Realm in the conf/server.xml, a security
constraint and a login-config in the webapp's web.xml
I didn't try myself, but you can ask if you're still in trouble.
best regards
A.T.
2017-01-26 23:01 GMT+01:00 John Trump <tr...@gmail.com>:
> Thi is what the product specifies:
>
> In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz
> Team Server environment. However, if your Jazz Team Server runs on Apache
> Tomcat application server and Tomcat does not support mapping multiple LDAP
> groups to a J2EE role, you cannot map multiple groups to one role.
>
> In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> group2, group3) and I would need to map those LDAP groups to 1 single role,
> o.e. jazzuser or jazzadmin.
>
> On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> aterrestris@gmail.com>
> wrote:
>
> > Hi John
> >
> > do you mean that a same user would be found in different groups ? Or do
> you
> > have different roles, with each role being in its own group ?
> >
> >
> >
> >
> >
> >
> >
> > 2017-01-26 18:39 GMT+01:00 John Trump <tr...@gmail.com>:
> >
> > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use
> > LDAP
> > > for authentication but need to confirm that tomcat supports mapping
> > > multiple LDAP groups to a J2EE role.
> > >
> > > I have looked through the documentation but am still not sure if this
> is
> > > supported. Any help or insight would be greatly appreciated.
> > >
> >
>
Re: Mapping Multiple LDAP Groups to a J2EE Role
Posted by John Trump <tr...@gmail.com>.
Thank you. I was able to get it working.
On Tue, Feb 14, 2017 at 6:04 PM, Aurélien Terrestris <at...@gmail.com>
wrote:
> hi
>
> The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1,
> Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a
> very same role. It's done with a security-role-ref tag, as explained by
> these JSR :
>
>
> **For example, to map the security role reference "FOO" to the security
> role with role-name "manager" the syntax would be
>
> <security-role-ref>
> <role-name>FOO</role-name>
> <role-link>manager</role-link>
> </security-role-ref>
>
> In this case, if a servlet called by a user belonging to the "manager"
> security role were to call isUserInRole("FOO") the result would be true**
>
> Of course you still need a Realm in the conf/server.xml, a security
> constraint and a login-config in the webapp's web.xml
>
> I didn't try myself, but you can ask if you're still in trouble.
>
> best regards
> A.T.
>
>
>
>
>
>
>
> 2017-01-26 23:01 GMT+01:00 John Trump <tr...@gmail.com>:
>
> > Thi is what the product specifies:
> >
> > In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz
> > Team Server environment. However, if your Jazz Team Server runs on Apache
> > Tomcat application server and Tomcat does not support mapping multiple
> LDAP
> > groups to a J2EE role, you cannot map multiple groups to one role.
> >
> > In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> > group2, group3) and I would need to map those LDAP groups to 1 single
> role,
> > o.e. jazzuser or jazzadmin.
> >
> > On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> > aterrestris@gmail.com>
> > wrote:
> >
> > > Hi John
> > >
> > > do you mean that a same user would be found in different groups ? Or do
> > you
> > > have different roles, with each role being in its own group ?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 2017-01-26 18:39 GMT+01:00 John Trump <tr...@gmail.com>:
> > >
> > > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to
> use
> > > LDAP
> > > > for authentication but need to confirm that tomcat supports mapping
> > > > multiple LDAP groups to a J2EE role.
> > > >
> > > > I have looked through the documentation but am still not sure if this
> > is
> > > > supported. Any help or insight would be greatly appreciated.
> > > >
> > >
> >
>