> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Mapping role names to groups > > More precisely, it seems from the Servlet Spec, that all which concerns > AAA applies in fact to "URLs" and/or "methods". It seems thus > definitely independent from servlets, filters, jsps etc..
Except for this one security-related element, which is specific to a <servlet> declaration, and therefore, as Jason says, limited in its usefulness. Also, it applies to programmatic, not declarative, security, so I suspect that Tomcat ignores any security-role-ref mappings unless there are explicit isUserInRole() calls from the servlet. Curiously enough, there are addRoleMapping() and findRoleMapping() methods in Tomcat's StandardContext class, and these appear to do exactly what Jason wants - except I can't find any code that calls them. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org