tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: [POLL] Finer-grained "manager" user-access privileges?
Date Sun, 10 Jun 2012 14:52:47 GMT
Hash: SHA1


On 6/8/12 7:06 AM, Konstantin Kolinko wrote:
> Specifically I do not like hard-coding role names into code. I
> think there could be some helper component that could help in
> access checks. (To be discussed separately). It will need some
> model to map access checks to roles.

I was thinking that we would just define the roles and apply them to
to URLs that perform those actions. For example, "manager-gui-deploy"
would be able to invoke


The same would be true for the other operations.

> What should we do with "list applications" page? Should it filter 
> itself and hide unaccessible actions? I think that is what will be 
> asked next.

That's a good question, and you're right: we'd need to perform
access-checks in the page which is ugly, though a fairly standard
practice in many web applications. The good news is that we don't
support 500 operations so fully-supporting them all shouldn't be too
bad if we wanted to hide unavailable options.

Isn't there already this problem with the "status" role versus all of
the roles that can actually do things like deploy, etc.?

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message