I THINK IT'S POSSIBLE. But when you are fine with WebLogic, is there any specific reason to use Tomcat?

-----Original Message-----
From: Jason Royals [mailto:tomcat-mailingl...@fragstealers.com]
Sent: Thursday, August 06, 2009 4:32 PM
To: users@tomcat.apache.org
Subject: Mapping role names to groups

Hello Tomcatters,

Consider the following scenario. I have a Java web application, and it is a packaged, commercial application; I may not change it. In fact, I don't have the source, so I couldn't even if I wanted to.

The application declares two roles in web.xml - "users" and "admins". In our corporate environment, those role names are far too generic to be group names in our LDAP repository. The groups in LDAP are called SG-FooBar-Users and SG-FooBar-Admins. We expect to map these real group names to the roles declared in the web.xml.

We have this running currently on WebLogic, and to map the roles to groups, we have a WebLogic configuration as follows (in weblogic.xml):

    <weblogic-web-app>
      ....
      <security-role-assignment>
        <role-name>users</role-name>
        <principal-name>SG-FooBar-Users</principal-name>
      </security-role-assignment>
      <security-role-assignment>
        <role-name>admins</role-name>
        <principal-name>SG-FooBar-Admins</principal-name>
      </security-role-assignment>
      ....
    </weblogic-web-app>

WebSphere, JBoss, Geronimo, GlassFish, etc. all seem to offer similar features in their container-specific configurations.

How can I achieve the same result in Tomcat, remembering I cannot change the application, and I cannot change the groups or the LDAP repository (which has hundreds of thousands of users and groups)? Is it even possible with Tomcat?

Thanks,
Jason

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org