Or, like us, use an old "bugged" tomcat version that allowed, on * role "all authenticated users" instead of "all user having a role enumerated in web.xml". Those old tomcat version break servlet specs but are handy if you are not too regardant to specifications :) Or use your own realm that add a fake 'authenticated' role to any user it authenticated Or just give a bit of work to your lazy ldap admin. :D Christopher Schultz a écrit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Daniel, > > Daniel Curran wrote: > >> Is there a way to authenticate the user without requiring a specific role? >> > > As has been previously stated, the <role-name>*</role-name> in your > <auth-constraint> deployment descriptor will work; you just have to make > sure that you have define all possible roles in the deployment > descriptor using <security-role> elements. > > Otherwise, Tomcat has no idea which ones should be okay. The '*' is just > an alias for "any role defined in the deployment descriptor". I don't > think you can accept any arbitrary role. It has to be pre-defined > (though it does not matter which one it matches). I think that means > that you can't administer this particular part of your application > through JDAP exclusively. :( > > - -chris > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGQ0zZ9CaO5/Lv0PARAjC2AKCi66x/MA+T6nJOgxwTMri2+u9DCACgvCu8 > e81L+OkigQBqo89+3ZXfKys= > =Y1ec > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
