I have been reading about Tomcat's SSO and have questions on the following scenario:
There are three web applications: A, B and C. Each web application has its own administrators, managers, registered users, etc., and they are independent of each other, i.e.
User1 can be an administrator in A, but only a registered user in B and C.
But, according to the documentation:
"Once authenticated, the roles associated with this user will be utilized for access control decisions across all of the associated web applications..."
If User1 gets logged in, will he be
Case1: an administrator in all web applications, or
Case2: an administrator in A and a regular user in B and C (as intended)?
Any explanations are appreciated.
If it is Case2, and as I have the roles for a user in LDAP, how do they get translated to the web application, i.e. how does Tomcat tell web application A that User1 is an administrator and B and C that he is a regular user?