Tomcat security roles mapping

Question

This is related to Tomcat 6 with JAASRealm and a custom JAAS module for security.

Other Application Servers seem to support the mapping of application role names (in web.xml) to actual groups of the underlying security realm by using with server specific deployment descriptors - as mentioned in the Java EE 5 Tutorial.

Does Tomcat have a similar mechanism?

Edit: This thread seems to talk of the same requirement, but unfortunately doesn't have a definitive answer.
A request for enhancement to JBoss Web (with tomcat under the hood) has been made to address this same issue.

I've created https://java.net/jira/browse/JAVAEE_SPEC-20 in support of this. Hopefully this will be possible in a future version of Java EE and/or Servlet. If you (or anyone else) still cares for this, please vote for the issue. — Arjan Tijms, May 11 '13 at 10:06

score 0 · Answer 1 · answered Mar 11 '11 at 13:23

0

you can check $CATALINA_HOME/conf/tomcat-users.xml there you can add and manage roles .. you can use the GUI provided by tomcat you can check GUI Administration

and Tomcat Roles Management

answered Mar 11 '11 at 13:23

AhmadAssaf

3,556
5
31
42

2

this is not the same as server-specific deployment descriptors which are part of the deployable. – Ryan Fernandes Mar 12 '11 at 05:36

Tomcat security roles mapping

1 Answers1