It would have been easier to change server.xml to something like:

<Realm allRolesMode="strictAuthOnly" ...... />

"brian bay" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> SOLVED!
>
> Well since no one else seems to care about ldap authentication and user
> roles, I guess I'll reply to myself..
>
> Apparently backwards compatibility is built into the source code for
> tomcat.
>
> To work around the problem of <role-name>*</role-name> you need to go and
> grab the tomcat source code, not the binaries.. If you have the binaries
> installed already, this is fine. All we are going to do is replace
> catalina.jar...
>
> In my source directory
> C:\apache-tomcat-5.5.17-src\container\catalina\src\share\org\apache\catalina\realm,
> I edited RealmBase.java.
>
> I changed
>
>     protected AllRolesMode allRolesMode = AllRolesMode.STRICT_MODE;
>
> to
>
>     protected AllRolesMode allRolesMode = AllRolesMode.STRICT_AUTH_ONLY_MODE;
>
> I then built from source and copied the newly built catalina.jar file to my
> current binary distribution of tomcat.. $TOMCAT_HOME/server/lib
>
> That's it.. Now <role-name>*</role-name> authenticates all roles.
>
>
> Brian Bay
>
>
> On 9/1/06, brian bay <[EMAIL PROTECTED]> wrote:
>>
>> I recently upgraded from tomcat 5.0.28 to 5.5.17. I have security set up
>> on all my apps to allow any user that can authenticate against ldap access
>> to the application....
>>
>> So in 5.0.28, I defined <role-name>*</role-name> to allow all role
>> names. In 5.5.17 the behavior changes on the role-name attribute, and
>> apparently the * now means "all roles defined inside of web.xml" instead
>> of the previous "all/any roles".. I understand that after tomcat
>> 5.5.12, tomcat was "fixed" to conform to the
>> 2.4 servlet spec, in which the *'s meaning is redefined. Suck.
>>
>> I don't want to have to define 300 roles in web.xml.. Once I do that, I am
>> now maintaining roles in 2 places.
>>
>>
>> ***As a test/workaround, I downloaded 5.5.12 and copied catalina.jar from
>> server/lib to my 5.5.17 installation.. !Voila! authentication now works
>> with the <role-name>*</role-name>
>>
>>
>> questions:
>>
>> Why is there no backwards compatibility? Or is there and I just have to
>> tell it which servlet spec to use?
>>
>> ***As for my workaround, I can't see this as being a very good
>> solution... I'm guessing this will cause problems elsewhere??
>>
>>
>> I could just use 5.5.12, but I'm sure there are some bug fixes along the
>> way that I would benefit from..
>>
>> thanks,
>> Brian
>>
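
Added example, not part of the thread and not Tomcat's own code: a simplified Python model of how a <role-name>*</role-name> constraint is decided under the three allRolesMode values (strict, authOnly, strictAuthOnly), following the semantics in Tomcat's Realm documentation. The sample web.xml, the function names and the "admin"/"staff" role names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed servlet 2.4 web.xml; {roles} is filled with <security-role> entries.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  {roles}
</web-app>"""
ADMIN = "<security-role><role-name>admin</role-name></security-role>"  # constructed

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def parse(web_xml):
    """Return (uses_star, declared_roles) for a web.xml document."""
    uses_star, declared = False, set()
    for el in ET.fromstring(web_xml).iter():
        names = {(c.text or "").strip() for c in el if local(c.tag) == "role-name"}
        if local(el.tag) == "auth-constraint":
            uses_star = uses_star or "*" in names
        elif local(el.tag) == "security-role":
            declared |= names
    return uses_star, declared

def star_allows(mode, declared, user_roles):
    """Decide a '*' auth-constraint; user_roles=None means unauthenticated."""
    if user_roles is None:
        return False
    if declared & set(user_roles):
        return True               # user holds a role declared in web.xml
    if mode == "authOnly":
        return True               # any authenticated user passes
    if mode == "strictAuthOnly":
        return not declared       # auth-only only while no role is declared
    return False                  # strict: a declared role is required

def report(web_xml, user_roles):
    """Map each allRolesMode value to the decision for this user."""
    uses_star, declared = parse(web_xml)
    if not uses_star:
        return {}                 # no '*' constraint, allRolesMode is irrelevant
    return {m: star_allows(m, declared, user_roles)
            for m in ("strict", "authOnly", "strictAuthOnly")}
```

In this model strictAuthOnly admits any authenticated user only while web.xml declares no <security-role>; once a single role is declared it decides exactly like strict, whereas authOnly keeps admitting every authenticated user.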