I am missing a key piece of information that I have not been able to find in the past few days of searching. How does the <security-role> and <role-name> tag work in relation to the <auth-constraint> and <role-name> tag? Do they have any relation?
I am trying to change the security model of a proprietary application and they were using the JDBC Realm Form authentication. I want to change it to use the JNDI Realm and go against a Oracle Internet Directory instance for authentication. I was able to successfully change the security example packaged with tomcat to use this JNDI Realm. I have made the same changes to the proprietary app and I am successfully authenticating but I believe I am failing authorization somewhere. However I can find no code that checks for isUserInRole(). Could someone please point me in the direction of some documentation that explains what the <security-role> tag does and how it does it since I think that the problem lies in the fact the application is not getting the role it is expecting? Thanks, Mike --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
