tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From juraj Lenharcik <juraj.lenhar...@datainput.de>
Subject WG: protect websites with jaas
Date Thu, 07 Feb 2002 10:29:52 GMT

> Hello,
> 
> I have build an application with an authentication with a NT Domain. I
> have some authorization aspects, too. That means, not every authenticated
> user has the rights to do some actions. 
> 
> I have port this application to a webapp. The authentication part works
> fine. The user has to input his name and password an will be authenticate
> or not. But with the authorization part I have some problems. 
> 
> What is the best way to protect some sites with Jaas. I mean the user1 has
> the right to run some jsp`s, but user2 has this right not. 
> 
> On the application site I do this grants in the policy like:
> 
> grant codebase "file:./MyTest.jar", Principal NTPrincipal "user1"{
> permission java.util.PropertyPermission "user.dir", "read";
> permission java.util.PropertyPermission "user.home", "read";
> permission java.util.PropertyPermission "java.home", "read"; 
> permission java.io.FilePermission "foo.txt", "read"; 
> };
> 
> But has anyone an idea, or has it implemented for websites. I am not sure
> what the best concept is. I think the server should take some work on
> this, so that I can grant it like:
> 
> server.accessFantasyPermission"htdocs/jsp1", "read"; 
> permission 
> 
> Is it possible to do something like this? 
> 
> Thank you
> Juraj
> 
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message