It would be nice if Tomcat had a way to map J2EE <security-role>'s to one or more groups, users, etc. This is a feature offered by many app servers like WebLogic, Oracle 9iAS and SunONE. This would make it easier for several apps with unique roles to share the same set of groups.
I've made this item a candidate for a Google Summer of Code project: http://wiki.apache.org/general/SummerOfCode2005.
Hi I saw this thread from google's summer of codes site. I've been using Tomcat for 5-6 years and am new to JAAS. I would like to learn more about this issue and maybe I can contribute some codes. Could anyone point me to some documentations? Thanks -Lou
(In reply to comment #2) > Hi I saw this thread from google's summer of codes site. I've been using Tomcat > for 5-6 years and am new to JAAS. I would like to learn more about this issue > and maybe I can contribute some codes. Could anyone point me to some > documentations? Thanks > > -Lou I saw this thread from google's summer of codes site too. I've been using Tomcat since 2001 and I know JAAS. I have a good understanding of it and more than 2 years of development with jboss app server. May be we can do it together?
Please use tomcat-dev for communicating rather than bug reports. We started a thread on possible summer of code projects. I do not think it is a good idea to change how security is done in Tomcat 5.5.x, and that any change in any upcoming Tomcat should be done once we know a little bit more about the upcoming specification. Conclusion: this is likely not a good summer of code project, due to timing issues.
Chunju and Pavel: if you feel like working on this (individually or together), that's great. Please feel free to do so, ask any questions you want on the mailing lists, and if/when you have a patch ready, you can reopen this issue and attach this patch. Thanks ;)