Hi, I can't get the <security-role-ref> to work in Tomcat 4 with the security JSP.
I have added the following <% if (request.isUserInRole("Admin")) { %> User is in Admin role <% } else { %> User is NOT in Admin role <% } %> to jsp/security/protected/index.jsp in the distribution to Tomcat 4. As security-role-ref is part of a servlet element of web.xml how do you specify this with a JSP. I tried adding the following to web.xml <servlet> <servlet-name> Protected </servlet-name> <jsp-file>/jsp/security/protected/index.jsp</jsp-file> <security-role-ref> <description>Link between Admin and sysadmin</description> <role-name>Admin</role-name> <role-link>Tomcat</role-link> </security-role-ref> </servlet> My user authenticates and is given the role 'Tomcat' but the Realm hasRole() method is called with 'Admin'. The code in HttpRequestBase does public boolean isUserInRole(String role) { ... if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if ((realRole != null) && realm.hasRole(userPrincipal, realRole)) return (true); } to map the servlet role to security-role so I guess I have not got web.xml set up properly. Any ideas? Antony -- Antony Bowesman Teamware Group [EMAIL PROTECTED] phone: +358 9 5128 2562 fax : +358 9 5128 2705 intra / extra / Internet solutions at www.teamware.com