Hi list, I am fighting against a 3rd party application composed by 2 webapps.
The first is supposed to present a login form and once authenticated you are presented with the application frontend. Behind the lines it is connecting (through localhost) to a second one that is presenting the same security configuration. In short, the same username/role are authorized for the second aplication as well. In the original setup everything works fine with the memoryRealm, so just populating the tomcat-users.xml file. Problems arose when I switched to leverage JNDIRealm (LDAP): it is not working anymore. I easily managed to get the first app to authenticate against LDAP, validating a specific LDAP group, but eventually the app gets 403 in accessing the second one. Of course I already tried the same security-role / security-contraint in both the web.xml. Do you know if it is a known problem in "sharing" a security mechanism between webapps running on the same Tomcat? I am running Tomcat 7.0.64. I did not found a way to debug the security-contraint/security-role stuff. If you could just advice what to enable to have a deeper insight... that would be invaluable! Thanks to all Marco
