Note: This applies to all Tomcat versions In enterprises you often use a centralized identity store where you do not have control over the group/roles names, but in your application you want to use friendly role names, e.g., 'admin', 'user', 'clerk', etc. Luckily realms utilize Context.findRoleMapping(String) indirectly, so we only need to populate those mappings. I have written such a mapping listener and would like to integrate it into upstream: https://mo-tomcat-ext.sourceforge.net/apidocs/net/sf/michaelo/tomcat/extras/listeners/PropertiesRoleMappingListener.html if there is a general interest, I guess there is. There code is straight forward: https://sourceforge.net/p/mo-tomcat-ext/code/HEAD/tree/trunk/src/main/java/net/sf/michaelo/tomcat/extras/listeners/PropertiesRoleMappingListener.java
PR provided.
Fixed in: - main for 11.0.0-M8 and onwards - 10.1.x for 10.1.11 and onwards - 9.0.x for 9.0.77 and onwards - 8.5.x for 8.5.91 and onwards
*** Bug 55477 has been marked as a duplicate of this bug. ***