> Hello, > > I have build an application with an authentication with a NT Domain. I > have some authorization aspects, too. That means, not every authenticated > user has the rights to do some actions. > > I have port this application to a webapp. The authentication part works > fine. The user has to input his name and password an will be authenticate > or not. But with the authorization part I have some problems. > > What is the best way to protect some sites with Jaas. I mean the user1 has > the right to run some jsp`s, but user2 has this right not. > > On the application site I do this grants in the policy like: > > grant codebase "file:./MyTest.jar", Principal NTPrincipal "user1"{ > permission java.util.PropertyPermission "user.dir", "read"; > permission java.util.PropertyPermission "user.home", "read"; > permission java.util.PropertyPermission "java.home", "read"; > permission java.io.FilePermission "foo.txt", "read"; > }; > > But has anyone an idea, or has it implemented for websites. I am not sure > what the best concept is. I think the server should take some work on > this, so that I can grant it like: > > server.accessFantasyPermission"htdocs/jsp1", "read"; > permission > > Is it possible to do something like this? > > Thank you > Juraj > >
-- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>