>> If I remember well the <security-role-ref> just creates an alias on an >> existing <security-role> for servlets. >> It's not related to the mapping between my "system" groups and the >> application roles. > > O.k., I'm confused. Isn't an alias just what you need to do the mapping from > any role names used internally in your webapp to the roles (groups) obtained > from the LDAP server? >
Yes an alias is what I need :-) But <security-role-ref> is not done for that (unless I missed something). Quoting: http://java.sun.com/developer/technicalArticles/Servlets/servletapi2.3/ <servlet> <servlet-name> secret </servlet-name> ... <security-role-ref> <role-name> mgr <!-- name used by servlet --> </role-name> <role-link> manager <!-- name used in deployment descriptor --> </role-link> </security-role-ref> </servlet> ... <security-role> <role-name> manager </role-name> </security-role> the servlet secret can call isUserInRole("mgr") or isUserInRole("manager") -- they will give the same behavior. Basically, security-role-ref acts to create an alias, but isn't necessary. /Quote What I am looking for is more a security role mapping descriptor or configuration. Like one can do in SunAS: <security-role-mapping> <role-name>myapprole</role-name> <group-name>myldapgroup</group-name> </security-role-mapping> --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]