jford 2004/08/12 05:55:05 Modified: etc fusion-web.xml Log: Added security roles and constraints Revision Changes Path 1.2 +75 -3 jakarta-jetspeed/etc/fusion-web.xml Index: fusion-web.xml =================================================================== RCS file: /home/cvs/jakarta-jetspeed/etc/fusion-web.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fusion-web.xml 30 Jul 2004 19:16:58 -0000 1.1 +++ fusion-web.xml 12 Aug 2004 12:55:04 -0000 1.2 @@ -15,8 +15,8 @@ limitations under the License. --> <!DOCTYPE web-app - PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" - "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd";> + PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" + "http://java.sun.com/dtd/web-app_2_3.dtd";> <web-app> <display-name>Jetspeed Enterprise Information Portal</display-name> @@ -43,6 +43,23 @@ <param-value>org.apache.jetspeed.services.logging.JetspeedLoggingService</param-value> </init-param> <load-on-startup>1</load-on-startup> + + <!-- + <security-role-ref> + <role-name>user</role-name> <!-//-Jetspeed role name, passed to isUserInRole-//-> + <role-link>user</role-link> <!-//-tomcat role name-//-> + </security-role-ref> + + <security-role-ref> + <role-name>admin</role-name> + <role-link>admin</role-link> + </security-role-ref> + + <security-role-ref> + <role-name>guest</role-name> + <role-link>guest</role-link> + </security-role-ref> + --> </servlet> <servlet-mapping> @@ -90,5 +107,60 @@ <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref> - + + <!-- + <security-constraint> + <display-name>Jetspeed Security</display-name> + <web-resource-collection> + <web-resource-name>Protected Area</web-resource-name> + <!-//- Define the context-relative URL(s) to be protected -//-> + <url-pattern>/*</url-pattern> + <!-//- If you list http methods, only those methods are protected -//-> + <http-method>DELETE</http-method> + <http-method>GET</http-method> + <http-method>POST</http-method> + <http-method>PUT</http-method> + + </web-resource-collection> + <auth-constraint> + <!-//- Anyone with one of the listed roles may access this area -//-> + <role-name>user</role-name> + <role-name>admin</role-name> + </auth-constraint> + + <!-//- + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + -//-> + </security-constraint> + + <login-config> + <auth-method>BASIC</auth-method> + <realm-name>Jetspeed BASIC Authentication</realm-name> + </login-config> + + <!-//- Default login configuration uses form-based authentication -//-> + <!-//- + <login-config> + <auth-method>FORM</auth-method> + <realm-name>Example Form-Based Authentication Area</realm-name> + <form-login-config> + <form-login-page>/jsp/security/protected/login.jsp</form-login-page> + <form-error-page>/jsp/security/protected/error.jsp</form-error-page> + </form-login-config> + </login-config> + -//-> + + <!-//- Security roles referenced by this web application -//-> + <security-role> + <role-name>admin</role-name> + </security-role> + <security-role> + <role-name>user</role-name> + </security-role> + <security-role> + <role-name>guest</role-name> + </security-role> + --> </web-app>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
