How can I map LDAP role names to application role names on Tomcat

Issue

The problem we’re trying to solve on Tomcat is “how to we take a physical group name “Role-LongName-Admin” and map that to an application role named “admin””? On JBoss Enterprise Application Platform (EAP) we have the RoleMappingLoginModule, on Weblogic we have the weblogic.xml. Tomcat out of the box has no equivalent.

On normal Tomcat, we could subclass org.apache.catalina.realm.JNDIRealm and override getRoles(), however due to User being package-private this requires it to be in the same package. We cannot place the custom subclass in the same package because the Tomcat classes in EWS are in signed jars.

Environment

Tomcat 6
JBoss Enterprise Web Server (EWS)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Select Your Language

How can I map LDAP role names to application role names on Tomcat

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links