tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike La Budde <mike.labu...@irista.com>
Subject role-based security how to?
Date Wed, 13 Dec 2000 17:18:05 GMT
I'm a bit at a loss as to how I'm supposed to configure the role-based 
security in my webapp's web.xml file.

Consider the following scenario for my webapp:

area 				roles
/pages/customers/* 		sales,admin
/pages/orders/*		sales,clerks,admin
/pages/products/* 		clerks,admin

It's easy to configure multiple web-resource-collections for this, e.g.
       <web-resource-collection>
          <web-resource-name>customers</web-resource-name>
          <url-pattern>/pages/customers/*</url-pattern>
       </web-resource-collection>
       <web-resource-collection>
          <web-resource-name>orders</web-resource-name>
          <url-pattern>/pages/orders/*</url-pattern>
       </web-resource-collection>
       <web-resource-collection>
          <web-resource-name>products</web-resource-name>
          <url-pattern>/pages/products/*</url-pattern>
       </web-resource-collection>

The following:

       <auth-constraint>
          <role-name>admin</role-name>
       </auth-constraint>

seems to allow anyone with the role of admin to access all of the specified 
web-resource-collections (which is fine in this example);
But how do I configure the other roles (sales & clerks) to only have access 
to a specified web-resource-collection??

Any help would be greatly appreciated!

TIA,

Mike


Mime
View raw message