Hi, this is me again.
I just wanted to say that I found out that web.xml is ALWAYS read at least for the security settings (I only tested for that) This also seems independent of the flag in server.xml where you can set reloadable to false. So the good news is, that you can have variable roles and you don't even have to do a context restart. Regards, Eelco Hier my previous post: > Hello. > > I am working on a web application that creates directories with > resources (mainly Gifs) > in it. When creating new directories, i.e. "res1" and "res2", > I need new > > userroles as well, i.e. res1_viewer and res2_viewer. > > Now if somebody logs in as a res1_viewer, how can I make sure > that he or > she only has access > to those resources he or she has the proper rights for? And NOT the > resources in directory > res2. I.e. by typing the direct URL to the GIF in the address > bar of the > browser. > > The problem is that the new security constraint for the created > directories are > in web.xml and this file is only read at application/tomcat startup. > > I found a post from 3 years ago, written by somebody with more or less > the > same question at: > http://w6.metronet.com/~wjm/tomcat/2000/May/msg00502.html Here the replier advices to do something like a Context Restart. My question is: is this still the best way? If this (old) thread is really outdated, what would be the right way to proceed with this problem? Should I extend/implement JDBCRealm? I am using Tomcat 4.1 on Windows/Linux/Unix with JDK 1.3.1_08 Any help will be greatly appreciated! Regards, Eelco --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]