How to grant access to authenticated users in Tomcat 5.5.x?

I'd like to be grant access to authenticated users in my web application without requiring them to be a member of a specific role.

My first guess was to specify <role-name>*</role_name> in my auth-constraint, however it seems that this just means grant access to any role defined in my web-app, not grant access to any authenticated user.

Is it possible to 开发者_开发问答do this in Tomcat 5.5.x and if so how?

As it turns out, Tomcat does support this. In the server.xml, add allRolesMode = authOnly in the appropriate Realm tag.

I think the direct answer is no, you can't do that in Java EE 5. But you could create an "everyone" role which every authenticated user is a part of. I think that's what John is getting at, and is how I would do it. It's really not much different.

Alternatively, if you're willing to do this programmatically, and are using container-managed authentication, you should be able to detect an authenticated user by checking whether HttpServletRequest.getRemoteUser() isn't null. That doesn't involve roles.