tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Dynamic auth-constraint in web.xml ?
Date Fri, 03 May 2013 11:52:16 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cédric,

On 5/3/13 3:09 AM, Cédric Couralet wrote:
> More of a servlet spec question than a tomcat one, and, from what
> I read, a rather long shot, but is there a way to define
> auth-constraint dynamically in web.xml?
> 
> For instance I'd like to have the following
> 
> <security-constraint> <display-name></display-name> 
> <web-resource-collection> <web-resource-name></web-resource-name> 
> <url-pattern>/something/(.*)/someotherthing</url-pattern> 
> <http-method>PUT</http-method> <http-method>POST</http-method>

> <http-method>DELETE</http-method> </web-resource-collection> 
> <auth-constraint> <role-name>\1_something</role-name> 
> </auth-constraint> </security-constraint> <security-role> 
> <role-name>*_something</role-name> </security-role>
> 
> with \1 being the (.*) in url-pattern ?

Nope. You'll have to resort to using a Filter.

> I know I can do it programmatically with something like 
> request.isUserInRole(). But I would like to define all  the webapp 
> security in another place than in code (if only not to forget
> anything :) ).

If you wanted things to be a bit more explicit in web.xml, you could
write a Filter that checks for a *specific* user role, and then
configure it all in web.xml.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRg6TwAAoJEBzwKT+lPKRY+44QAImu0S7ZBXEhLZTm7UNXDbkR
amV3YxI5XwiIEWxEOUj7RIPM/edXcYbcOZyZl8GDmQzR4IZJrzo0JbjjnlNhmaq+
MLh9lYDOdMZh4I3rgWIw/yE4fMSu6AIDdXZc3eVzv/VERZkmgoxhpeec878MGA+a
g0M9BvuKRp+uuGBk6D25aQ+bvyL2DqKMnXsSroUF4zu4g+O+wdJAjwZYR5wW59TQ
L3OLsToTQWhWFTfSBYqmnwehp4jHEtT/p7jF/5BOdqhsRepVsTrdSsnl2rlk62v9
xguEUOdiE1mu804leaUhtvVIBn2MlboyCbqrslxno4vliW9DxA2rdVYxd/Dd4jxw
oZ669QNOPoedVnbBtD5mCo67+79CHdj5pysgaRPAWZOdLV0MmsuGxfyuOfiHdQ81
Mq6iMNGVEtYL9oEqP3im1JjpIPpsoYc95PjiHxwHXQmCfSJiaJYID1nnSAv6HHah
uTyGsxA4XMMJ7nM97z4dKHcDqiMDMKD+d506L551jzgyQQmMW6yzarjowRg9JRpe
70crk4hvNiZt4DhcKvRwkO7RZ+6NbTWfOUFaUa2pSm96yLAZWKf/EG6vr1wLfPyh
9525LDTZ9AUc7m4dBywgsv6DLWd2UbvWujcvlMJZ/zr31Tmcp39tgLcCbt3IO8tt
1kr+BtYQaMlQyH8/G89Z
=JS9x
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message