Return-Path: 
 <tomcat-user-return-115364-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 4354 invoked from network); 18 Nov 2004 00:31:03 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 18 Nov 2004 00:31:03 -0000
Received: (qmail 13130 invoked by uid 500); 18 Nov 2004 00:30:39 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 13107 invoked by uid 500); 18 Nov 2004 00:30:39 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 13092 invoked by uid 99); 18 Nov 2004 00:30:39 -0000
X-ASF-Spam-Status: No, hits=0.6 required=10.0
	tests=FROM_ENDS_IN_NUMS
X-Spam-Check-By: apache.org
Received-SPF: neutral (hermes.apache.org: local policy)
Received: from [66.33.216.24] (HELO smarty.dreamhost.com) (66.33.216.24)
  by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 17 Nov 2004 16:30:36 -0800
Received: from strange.dreamhost.com (strange.dreamhost.com [66.33.193.57])
	by smarty.dreamhost.com (Postfix) with ESMTP id CAC1013F66A
	for <tomcat-user@jakarta.apache.org>; Wed, 17 Nov 2004 16:30:32 -0800 (PST)
Received: by strange.dreamhost.com (Postfix, from userid 7734)
	id 905886A879; Wed, 17 Nov 2004 16:30:33 -0800 (PST)
Date: Wed, 17 Nov 2004 18:30:33 -0600
From: QM <qm300@brandxdev.net>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: Re: Declarative security in context?
Message-ID: <20041118003033.GF8416@strange.dreamhost.com>
References: <419BC97F.6050001@tardell.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <419BC97F.6050001@tardell.se>
User-Agent: Mutt/1.3.28i
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

On Wed, Nov 17, 2004 at 10:58:23PM +0100, Simon Tardell wrote:
: I want to deploy multiple instances of the same webapp, with different 
: authorization rules. However, declarative security is done in the 
: web.xml of which there will only be one copy (referred by multiple 
: contexts). Is it possible to impose security constraints on a web app 
: from the outside, i.e. declaring them in the context rather than in the 
: web.xml?  Ideally I'd like to be able to "shadow" parts of the web.xml 
: on a per context basis, but I can't see how to do that. Would I have to 
: write a valve to do custom authorization?

You may have an easier time using an automated build process (e.g. Ant)
that supports substitution rules in files, and creating separate webapps
for each set of security rules.

Pain in the rear?  Not really.
Wasteful of space? Perhaps, but perhaps not.
Portable across all containers?  Yes.

I forget the task off the top of my head, but I believe Ant's <copy>
task lets you feed a series of property-based replacement patterns to
the replacement engine.

For example, if the file has

	<.... port=@app.port_num@ ...>

and the property file defines

	app.port_num = 4000

Then the resultant (copied) file will have:

	<.... port=4000 ...>

Have one properties file per webapp, aka per set of security rules.

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org