https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
--- Comment #19 from Michael Osipov <micha...@apache.org> ---
(In reply to Christopher Schultz from comment #18)
> How applicable is <security-role-ref> in web.xml, here?
As far as I know, this is per-servlet which can be very tedious and cannot be
externalized.
> (In reply to Stefan Mayr from comment #16)
> > After a quick look into Michael's documentation I'm only concerned about the
> > placement of the default config in WEB-INF/role-mapping.properties. As an
> > admin I would expect to look for it in the conf folder.
>
> I would expect a file without any explicit path information to be in the
> application's WEB-INF/ directory if the component were to be configured in
> the applications' WEB-INF/web.xml file. If it is configured in
> conf/server.xml for the server, I might expect the config file to be found
> in the server's conf/ directory. I'm not sure it's possible to detect the
> difference between the two situations from within the code. Therefore, I'd
> prefer to default to relative-to-WEB-INF but also allow (as Michael
> suggests) arbitrary file:// URI support as well as allowing ${catalina.base}
> replacement in the path to make it easy to build an installation-relative
> path.
The only way to detect the difference between those two situations is that
WEB-INF/role-mapping.properties is not availabe and
conf/role-mapping.properties is tried. But note that no custom value has to be
set.
If this component is set output of a webapp, one could set the default lookup
space to catalina_base: instead of webapp:.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
