> From: Oliver Block [mailto:li...@oliver-block.eu]
> Subject: Form-based authentication
>
> But now I do not see how to connect the authentication module
> to a security constraint. I mean, do I have to add every user
> that has an imap account to web.xml?

No, each user would normally have a set of roles with which they are associated, and it's the roles that are configured in web.xml. Often, group membership is used as a substitute for roles. Since the imap accounts likely do not have any means of specifying role or group attributes, your login module can simply utilize any role name it likes for all users once authentication has occurred. Only that single role name ("User", in your current setup) needs to be configured in web.xml, assuming that every user that authenticates successfully is allowed access.

 - Chuck

P.S. Remove the path attribute from your <Context> element - it's not allowed.
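
The arrangement described in the reply above, as an added example that is not part of the original message: a `web.xml` fragment in which only the single role "User" is named and no individual account appears. The URL pattern, the login and error page paths, and the transport guarantee are assumptions chosen for illustration.

```xml
<!-- Added example: fragment of WEB-INF/web.xml, placed inside <web-app>. -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <!-- Assumption: everything under /protected/ requires a login -->
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- The one role the login module assigns to every user it
         authenticates; no per-user entries are needed here -->
    <role-name>User</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Assumption: require TLS, since form login sends the
         password in the request body -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Assumed page names; the form on the login page posts
         j_username and j_password to j_security_check -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Declares the role name used in the auth-constraint above -->
<security-role>
  <role-name>User</role-name>
</security-role>
```

The role name here must match, character for character, the role the login module attaches to the authenticated user; a mismatch results in a 403 after a successful login.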