[Bug 55477] Add a solution to map a realm name to a security role

2020-01-19 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477

--- Comment #17 from Michael Osipov  ---
(In reply to Stefan Mayr from comment #16)
> At the time I wrote this realm I did not know of any other role name mapping
> add-ons. I'm not sure if Michael's solution already was public. Although I
> don't need it anymore the use case is still valid.

Back then it did not even exist.

> Initial starting point:
> - LDAP (e.g. MS Active Directory) with group names we have to use
> - a third party application using fixed role names we cannot change either

I am using it actually with Active Directory. I am mapping group SIDs to
friendly (application names).

> To make a solution (realm, filter, listener, ...) solve the above problem it
> needs to be configurable in server.xml or
> [enginename]/[hostname]/[appname].xml (Context) with a mapping definition
> outside of the application. The point is to not change the application.

One needs to investigate this, but this is likely not fully possible because
you have to modify the context as such.

> After a quick look into Michael's documentation I'm only concerned about the
> placement of the default config in WEB-INF/role-mapping.properties. As an
> admin I would expect to look for it in the conf folder.

It isn't a problem to add file:// support or even property interpolation as
Tomcat does for other elements in the context.xml. I simply never needed it
because all group SIDs were known to me.

I will try to raise a discussion next week.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 55477] Add a solution to map a realm name to a security role

2020-01-19 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477

--- Comment #16 from Stefan Mayr  ---
At the time I wrote this realm I did not know of any other role name mapping
add-ons. I'm not sure if Michael's solution already was public. Although I
don't need it anymore the use case is still valid.

Initial starting point:
- LDAP (e.g. MS Active Directory) with group names we have to use
- a third party application using fixed role names we cannot change either

To make a solution (realm, filter, listener, ...) solve the above problem it
needs to be configurable in server.xml or [enginename]/[hostname]/[appname].xml
(Context) with a mapping definition outside of the application. The point is to
not change the application.

After a quick look into Michael's documentation I'm only concerned about the
placement of the default config in WEB-INF/role-mapping.properties. As an admin
I would expect to look for it in the conf folder.

When you have settled which approach is best let me know what I should do. As a
non-programmer it will just take me some time until I get it done.
