Mark, thank you very much for your clarification, regards Jakub
ps anybody else interested in this topic can see here: http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html http://docs.oracle.com/javaee/5/tutorial/doc/bncba.html#bncbb On Fri, Apr 19, 2013 at 11:30 PM, Mark Thomas <ma...@apache.org> wrote: > On 19/04/2013 21:47, Mark Thomas wrote: > > On 19/04/2013 21:37, Propes, Barry L wrote: > >> What version are you using? > >> > >> Mine doesn't contain this attribute pair at all... > >> > >> <security-role-ref> > >> </security-role-ref> > > > > The version being used is irrelevant. <security-role-ref> is only valid > > inside a <servlet> element. > > > > There might still be a bug here - I'm currently looking at the source to > > check - but it isn't the bug the OP thinks they have found. > > Digging in to this Tomcat's behaviour is specification compliant. > <security-role-ref> are only intended to work with a specific Servlet > and only with calls to isUserInRole(). However, that means there are > various places where it would be helpful to do a role mapping where it > is not currently possible. I have started a discussion on the dev list > about how to handle this. It will probably move to the Servlet EG unless > I have missed something obvious. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
