tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From juraj Lenharcik <>
Subject protect websites with jaas
Date Thu, 07 Feb 2002 10:12:31 GMT

I have build an application with an authentication with a NT Domain. I have
some authorization aspects, too. That means, not every authenticated user
has the rights to do some actions. 

I have port this application to a webapp. The authentication part works
fine. The user has to input his name and password an will be authenticate or
not. But with the authorization part I have some problems. 

What is the best way to protect some sites with Jaas. I mean the user1 has
the right to run some jsp`s, but user2 has this right not. 

On the application site I do this grants in the policy like:

grant codebase "file:./MyTest.jar", Principal NTPrincipal "user1"{
permission java.util.PropertyPermission "user.dir", "read";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "java.home", "read"; 
permission "foo.txt", "read"; 

But has anyone an idea, or has it implemented for websites. I am not sure
what the best concept is. I think the server should take some work on this,
so that I can grant it like:

server.accessFantasyPermission"htdocs/jsp1", "read"; 

Is it possible to do something like this? 

Thank you

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message