I am using the containers JDBCRealm but would like to allow any authenticated users (without roles) to access protected resources. I realise that the handling of <role-name>*</role-name> was modified to comply with the Servlet specification in Tomcat 5.5.x but is it really necessary to give all users an essentially meaningless role under these circumstances. The point that David Delbecq made at the end of discussion Thread http://marc.theaimsgroup.com/?l=tomcat-user <http://marc.theaimsgroup.com/?l=tomcat-user&m=113898307102307&w=2> &m=113898307102307&w=2 is very valid and there are also repercussions when using the JDBCRealm. Our system allows users to create their own accounts and in order to upgrade to the latest version of Tomcat we will need to add code to also insert records in the user_role link table, the fact that foreign keys aren't used in the link table means that we are also creating duplicates of all our usernames. I realise this change was necessary to conform with the Servlet specification but a workaround would be greatly appreciated. Thanks in advance. Ronny.
