tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From C├ędric Couralet <cedric.coura...@gmail.com>
Subject Dynamic auth-constraint in web.xml ?
Date Fri, 03 May 2013 07:09:12 GMT
Hello,

More of a servlet spec question than a tomcat one, and, from what I
read, a rather long shot, but is there a way to define auth-constraint
dynamically in web.xml?

For instance I'd like to have the following

    <security-constraint>
        <display-name></display-name>
        <web-resource-collection>
            <web-resource-name></web-resource-name>
            <url-pattern>/something/(.*)/someotherthing</url-pattern>
            <http-method>PUT</http-method>
            <http-method>POST</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>\1_something</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>*_something</role-name>
    </security-role>

with \1 being the (.*) in url-pattern ?

I know I can do it programmatically with something like
request.isUserInRole(). But I would like to define all  the webapp
security in another place than in code (if only not to forget anything
:) ).

I don't know if it relevant but I'm using tomcat 6.0.36 at the moment
on Windows 2003 with jdk 1.6_0.37.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message