I'm currently working on a project migrating a J2EE app from WebSphere v5.1 to Tomcat 6. Previously, authentication & authorization were handled by the WebSphere container and associated EAR file. This was all done through the WebSphere Admin Console GUI.
What I need now, is for the Tomcat container to handle authentication through LDAP. This I have working. Now, my problem is this... We currently do not retrieve any roles from the LDAP, just search for correct uid/credentials. Our WebSphere container previously granted the Admin role to ALL authenticated users through the EAR deployment descriptor.
How can I achieve this with Tomcat? Do I need to create a custom JAAS LoginModule? I need to keep the form based authentication for my app.
Thanks in advance to any help you can provide.
posted 10 years ago
I have an idea, let me know if this will work.
Could I just extend the JNDIRealm and override the getRoles method to always return some hard coded roles? Since I already have a JNDIRealm which works for authentication, this seems like a temporary fix.
Put a gun against his head, pulled my trigger, now he's dead, that tiny ad sure bled