> From: Oliver Block [mailto:li...@oliver-block.eu]
> Subject: Form-based authentication
>
> But now I do not see how to connect the authentication module
> to a security constraint. I mean, do I have to add every user
> that has an imap account to web.xml?
No, each user would normally have a set of roles with which they are
associated, and it's the roles that are configured in web.xml. Often, group
membership is used as a substitute for roles. Since the imap accounts likely
do not have any means of specifying role or group attributes, your login module
can simply utilize any role name it likes for all users once authentication has
occurred. Only that single role name ("User", in your current setup) needs to
be configured in web.xml, assuming that every user that authenticates
successfully is allowed access.
- Chuck
P.S. Remove the path attribute from your <Context> element - it's not allowed.
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
