>
Yue Dong wrote:
>
> Is there any way to authenticate different pages for different users
> (roles)? I understand web.xml could define some resource for some roles.
> How can I let different users have different level access rights? Say
>
> Manager could access /app/*
> Developer could access /dev/*
>
This is exactly what the security constraint entries in web.xml are
for. You would use something along the lines of
<security-constraint>
<web-resource-collection>
<web-resource-name>Application</web-resource-name>
<url-pattern>/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Development</web-resource-name>
<url-pattern>/dev/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>developer</role-name>
</auth-constraint>
</security-constraint>
Of course they'd both be part of the same web application... There was
a bug in JRun which caused some problems wit this but it seems to have
been fixed by the recent service pack.
Luke.
--
Luke Taylor.
PGP Key ID: 0x57E9523C
------------------------------------------------------------------------------
Archives: http://www.egroups.com/group/jrun-interest/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the
body.
