Re: Mapping Multiple LDAP Groups to a J2EE Role

Tue, 14 Feb 2017 15:04:54 -0800 

hi

The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1,
Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a
very same role. It's done with a security-role-ref tag, as explained by
these JSR :


**For example, to map the security role reference "FOO" to the security
role with role-name "manager" the syntax would be

<security-role-ref>
<role-name>FOO</role-name>
<role-link>manager</role-link>
</security-role-ref>

In this case, if a servlet called by a user belonging to the "manager"
security role were to call isUserInRole("FOO") the result would be true**

Of course you still need a Realm in the conf/server.xml, a security
constraint and a login-config in the webapp's web.xml

I didn't try myself, but you can ask if you're still in trouble.

best regards
A.T.







2017-01-26 23:01 GMT+01:00 John Trump <trum...@gmail.com>:

> Thi is what the product specifies:
>
>  In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz
> Team Server environment. However, if your Jazz Team Server runs on Apache
> Tomcat application server and Tomcat does not support mapping multiple LDAP
> groups to a J2EE role, you cannot map multiple groups to one role.
>
> In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> group2, group3) and I would need to map those LDAP groups to 1 single role,
> o.e. jazzuser or jazzadmin.
>
> On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> aterrest...@gmail.com>
> wrote:
>
> > Hi John
> >
> > do you mean that a same user would be found in different groups ? Or do
> you
> > have different roles, with each role being in its own group ?
> >
> >
> >
> >
> >
> >
> >
> > 2017-01-26 18:39 GMT+01:00 John Trump <trum...@gmail.com>:
> >
> > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use
> > LDAP
> > > for authentication but need to confirm that tomcat supports mapping
> > > multiple LDAP groups to a J2EE role.
> > >
> > > I have looked through the documentation but am still not sure if this
> is
> > > supported. Any help or insight would be greatly appreciated.
> > >
> >
>

Reply via email to