4.1 Authentication and Authorization

There are two parts to Tomcat security: authentication and authorization. Authentication occurs when a valid username is entered during login; a valid username is one that matches a Novell® eDirectory™ user ID. Authorization occurs only if that authenticated user has been assigned the roles that grant access to a secured Web application.

To facilitate authorization, a collection of role names is created in the Tomcat-Roles Organizational Unit (OU) in eDirectory. By default, this OU is created in the same container where the NetWare server's context is created during installation of NetWare.

Roles are represented as eDirectory groups contained in the Tomcat-Roles OU. A role is then used for authorization purposes when a client requests access to a specific Web application. For example, if you had an inventory tracking application that you wanted to secure, you would add the name of the role to the application's XML file. When users request access to the application, they are prompted for a username and password. If the user is not a member of the role's group in the Tomcat-Roles OU, the user does not have access to the application. Therefore, for users to be authorized in the admin role, they must be members of the admin group.
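As an added example that is not part of the Novell documentation, the following web.xml fragment shows how the inventory tracking application described above would reference the admin role in its deployment descriptor; the application name, URL pattern and realm name are assumptions.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- web.xml for the hypothetical inventory tracking application -->
<web-app>

  <!-- Everything under /inventory/ requires an authenticated user who
       holds the "admin" role, i.e. a member of the admin group in the
       Tomcat-Roles OU. No <http-method> elements are listed on purpose:
       naming specific methods would leave every other method unprotected. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Inventory Tracking</web-resource-name>
      <url-pattern>/inventory/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Users are prompted for a username and password, which the realm
       checks against eDirectory. BASIC authentication only encodes the
       credentials, so the application should be served over HTTPS. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Inventory Tracking</realm-name>
  </login-config>

  <!-- Declare the role so the container knows the application uses it. -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>

</web-app>
```

A user whose eDirectory credentials are valid but who is not a member of the admin group is authenticated yet still refused access to /inventory/.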