https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
--- Comment #7 from Dennis Verbeek <dverb...@hotmail.com> --- (In reply to comment #6) > It isn't quite that simple. The application may still make a call to > isUserInRole(). I suggest we define the result of that call as: AUTH_ONLY_MODE => true STRICT_AUTH_ONLY_MODE => false > > There may well be a special case for each realm if all of the following are > true: > - AUTH_ONLY_MODE or STRICT_AUTH_ONLY_MODE > - the Realm uses separate attributes to define the role store > - the role store attributes are undefined Huh? #3 conflicts with #2. > In this case, there is no need to look up the roles although an INFO log > message on Realm start just to remind the admin what is going on wouldn't > hurt. Why create log messages if it is configured not to use the roles table? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
