Chuck,

On 9/25/13 4:52 PM, Caldarale, Charles R wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Keeping user roles in different realm than users
>
>>> Any other solutions than writing an error-prone homegrown one
>>> that will allow to keep users in one realm, user roles in the
>>> other realm and still be able to use container-managed
>>> authentication with authorization.
>
>> Tomcat does not ship with anything like this out of the box.
>
> There is the CombinedRealm, which might make the implementation
> somewhat easier. The OP would still need a second Realm
> implementation for the roles, but that could be another LDAP one.

I'm not sure that would work, but I can't say that I have tried it. I've only briefly looked at the CombinedRealm implementation, but it does not appear to handle roles at all.

I think the roles are wrapped up in the Principal, which would come from the authentication step. That means that successful authentication against the LDAP realm would mean that authorization would likely be checked only against that realm.

-chris