tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim De Pauw <tim.dep...@hogent.be>
Subject Per-user management rights
Date Fri, 20 Jan 2012 15:19:12 GMT
Hi all,

I'm trying to configure Tomcat so that a separate login is required to 
deploy certain apps. Let's say I have a '/someapp' context, which I 
would like 'someuser' to deploy remotely. However, 'someuser' cannot 
deploy apps to '/someotherapp', and conversely, 'someotheruser' cannot 
touch '/someapp'.

So far, I tried to add a Context to server.xml (I know it's discouraged) 
for the app, containing a memory realm that has its own user list:

     <Context path="/someapp" docBase="someapp">
       <Realm className="org.apache.catalina.realm.MemoryRealm"
         pathname="conf/realm.someapp.xml" />
     </Context>

The file realm.someapp.xml simply contains:

     <tomcat-users>
       <user username="someuser" password="secret"
         roles="manager-script"/>
     </tomcat-users>

But now, I'm mostly stuck. I'm guessing 'someuser' would also have to 
have access to the manager app in order to deploy, but that would mean 
that this user would also have management access to other people's apps.

I assume I'm doing something fundamentally wrong here, but the docs 
don't seem to cover this sort of thing explicitly. I guess I could 
create separate hosts for each app and user, but that seems tedious and 
unnecessary.

Any pointers? Thanks.

Kind regards,

-- 
Tim De Pauw <tim.depauw@hogent.be>
Vakgroep Informatica
Geassocieerde faculteit Toegepaste Ingenieurswetenschappen
Hogeschool Gent
http://tiwi.be/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message