2. Declare the LDAP groups as security roles.
<web-app id="WebApp">
  <servlet id="bridge">
    <!-- ... -->
  </servlet>
  <!-- ... -->
  <security-role>
    <role-name>JazzAdmins</role-name>
    <role-name>JazzDWAdmins</role-name>
    <role-name>JazzUsers</role-name>
    <role-name>JazzGuests</role-name>
    <!-- Addendum
         If the names of your LDAP Groups are the same as the default Jazz roles
         you don't need to add the following tags
    -->
    <role-name>[LDAP Group for Jazz admins]</role-name>
    <role-name>[LDAP Group for Jazz users]</role-name>
    <role-name>[LDAP Group for Jazz Data Warehouse Admin]</role-name>
    <role-name>[LDAP Group for Jazz guest]</role-name>
    <!-- End Addendum -->
  </security-role>
  <!-- ... -->
</web-app>
3. Add the group names to the set of security roles so that users in those groups are granted access to the matching web resources.
<web-app id="WebApp">
  <!-- ... -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JazzUsers</role-name>
      <role-name>JazzAdmins</role-name>
      <role-name>JazzGuests</role-name>
      <role-name>JazzDWAdmins</role-name>
      <!-- Addendum
           If the names of your LDAP Groups are the same as the default Jazz roles
           you don't need to add the following tags
      -->
      <role-name>[LDAP Group for Jazz admins]</role-name>
      <role-name>[LDAP Group for Jazz users]</role-name>
      <role-name>[LDAP Group for Jazz Data Warehouse Admin]</role-name>
      <role-name>[LDAP Group for Jazz guest]</role-name>
      <!-- End Addendum -->
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- ... -->
</web-app>
4. Map the LDAP JazzAdmins group to the security constraint.
<web-app id="WebApp">
  <!-- ... -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adminsecure</web-resource-name>
      <url-pattern>/admin/cmd/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JazzAdmins</role-name>
      <!-- Addendum -->
      <role-name>[LDAP Group for Jazz admins]</role-name>
      <!-- End Addendum -->
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- ... -->
</web-app>
Once server.xml and web.xml have been modified, the configuration on the Tomcat side is complete.
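
A check for the web.xml edits in steps 2 to 4, added here as an example and not part of the original guide or of Jazz/Tomcat: it reports any auth-constraint role that is not declared under security-role, and any security-constraint that lacks the CONFIDENTIAL transport guarantee. The sample document, the group name ldap-jazz-admins and the helper name audit_web_xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the steps above. "ldap-jazz-admins" is a
# made-up LDAP group that was added to a constraint but never declared.
SAMPLE_WEB_XML = """<web-app id="WebApp">
  <security-role>
    <role-name>JazzAdmins</role-name>
    <role-name>JazzUsers</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JazzUsers</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adminsecure</web-resource-name>
      <url-pattern>/admin/cmd/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JazzAdmins</role-name>
      <role-name>ldap-jazz-admins</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def audit_web_xml(xml_text):
    """Return (resource-name, issue, detail) tuples for a web.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    findings = []
    for sc in root.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        for r in sc.findall("auth-constraint/role-name"):
            role = (r.text or "").strip()
            if role not in declared:            # used in step 3/4, missing from step 2
                findings.append((name, "undeclared role", role))
        tg = sc.findtext("user-data-constraint/transport-guarantee", "").strip()
        if tg != "CONFIDENTIAL":                # constraint does not require TLS
            findings.append((name, "transport-guarantee", tg or "missing"))
    return findings
```

To run it against a real deployment, pass the contents of the application's web.xml to audit_web_xml; an empty list means every constrained role is declared and every constraint requires CONFIDENTIAL transport.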