i'm writing an application that uses JNDIRealm for authentication. works great, but having to configure connection information in server.xml is a bit limiting. so i'm trying to figure out the right way to support virtual hosting for JNDIRealm (and possibly by extension for all realms and authenticators).

the goal: a single host, realm and context are configured in server.xml. user a visits the application at http://www.domain1.com, which connects to ldap.domain1.com for dn cn=a,dc=domain1,dc=com with one set of connection info and role base. user b visits the same application at http://www.domain2.net, which connects to ldap.domain2.net for dn cn=b,dc=domain2,dc=net with a different set of connection info and role base.

seems like JNDIRealm would have to be modified in these ways:

1) don't open connection in start() or close it in stop()
2) don't maintain a single InitialDirContext for the realm, but rather get a new one for each connection
3) sport an interface for allowing the authenticator to pass in a virtual host name (extracted from request.getServerName()), and retrieving connection info for that virtual host

a "service location and configuration" mechanism that solves #3 would probably be useful for many components. also it may have an impact on the Realm interface. so i would like to get some feedback before i take a knife to anything.

i thought initially about configuring a resource in server.xml for each ldap server, but that approach doesn't scale well. still, allowing the realm to look up connection information using jndi seems reasonable. i'm just not sure of the right way to publish the connection info in the first place.

thoughts? anybody else find this to be an issue?
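
A sketch of points 2 and 3 from the post above, added here as an example; it is not part of the original message and not Tomcat code. The class `VirtualHostLdap`, the `Settings` record and the role bases are hypothetical or constructed, and the `{0}` placeholder follows JNDIRealm's `userPattern` convention. Because the server name comes from the client, the lookup is an exact match with no default directory.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

/** Hypothetical helper (not a Tomcat class): LDAP settings per virtual host. */
public class VirtualHostLdap {
    /** Connection info for one virtual host; field names are assumptions. */
    public record Settings(String url, String userPattern, String roleBase) {}
    private final Map<String, Settings> byHost;

    public VirtualHostLdap(Map<String, Settings> byHost) {
        this.byHost = Map.copyOf(byHost); // immutable after start-up
    }

    /** Exact match on the lower-cased name; unknown hosts get null, never a default. */
    public Settings lookup(String serverName) {
        if (serverName == null) return null;
        return byHost.get(serverName.toLowerCase(Locale.ROOT));
    }

    /** Point 2: a fresh context per attempt, bound as the user being authenticated. */
    public DirContext bind(String serverName, String user, String password) throws NamingException {
        Settings s = lookup(serverName);
        // Reject unknown hosts, and empty passwords: many directory servers
        // treat a simple bind with an empty password as a successful anonymous bind.
        if (s == null || user == null || password == null || password.isEmpty()) {
            throw new NamingException("authentication rejected");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, s.url());
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the user name so it cannot add components to the DN.
        env.put(Context.SECURITY_PRINCIPAL, s.userPattern().replace("{0}", Rdn.escapeValue(user)));
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // caller closes it after the role search
    }

    public static void main(String[] args) {
        // Constructed mapping based on the two hosts named in the post.
        VirtualHostLdap hosts = new VirtualHostLdap(Map.of(
            "www.domain1.com", new Settings("ldap://ldap.domain1.com", "cn={0},dc=domain1,dc=com", "ou=roles,dc=domain1,dc=com"),
            "www.domain2.net", new Settings("ldap://ldap.domain2.net", "cn={0},dc=domain2,dc=net", "ou=roles,dc=domain2,dc=net")));
        System.out.println(hosts.lookup("WWW.Domain2.NET").url()); // ldap://ldap.domain2.net
        System.out.println(hosts.lookup("unknown.example"));       // null: no fallback directory
    }
}
```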