> I'm just installing the new slide 1.0.10 release and would like to revisit
> my question about the consistency of roles defined in Domain.xml/web.xml
> (partial file contents pasted in below).
>
> Domain.xml:
> <role name="admin">slideroles.basic.RootRole</role>
> <role name="guest">slideroles.basic.GuestRole</role>
> ...
> <permission action="/actions" subject="admin"/>
> <permission action="/actions/read" subject="user"
> ...
> <objectnode classname="slideroles.basic.GuestRoleImpl"
> uri="/users/guest">
> <revision>
> <property name="password"></property>
> </revision>
> </objectnode>
>
> </objectnode>
> ...
>
> <objectnode classname="slideroles.basic.RootRoleImpl"
> uri="/users/root">
> <revision>
> <property name="password">root</property>
> </revision>
> </objectnode>
>
> web.xml:
> -------
>
> <!--security-constraint>
> <web-resource-collection>
> <web-resource-name>DAV resource</web-resource-name>
> <url-pattern>/*</url-pattern>
> <http-method>COPY</http-method>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>HEAD</http-method>
> <http-method>LOCK</http-method>
> <http-method>MKCOL</http-method>
> <http-method>MOVE</http-method>
> <http-method>OPTIONS</http-method>
> <http-method>POST</http-method>
> <http-method>PROPFIND</http-method>
> <http-method>PROPPATCH</http-method>
> <http-method>PUT</http-method>
> <http-method>UNLOCK</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>root</role-name>
> <role-name>guest</role-name>
> </auth-constraint>
> </security-constraint>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Manager</web-resource-name>
> <url-pattern>/manager/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>root</role-name>
> </auth-constraint>
> </security-constraint>
>
>
> Could anyone explain how this fits together? I have tried the documentation
> but do not understand.
>
> The web.xml says that the methods are available to root and guest on path
> /*. I have these roles set up in tomcat-users.conf. This I understand.
>
> The Domain.xml confuses me ...
>
> Domain.xml seems to assign a few roles e.g. <role
> name="admin">slideroles.basic.RootRole</role>
>
> at the top, but does not seem to use these roles?
>
> e.g.
>
>
> <permission action="/actions" subject="admin"/>
>
> and then,
>
>
> <objectnode classname="slideroles.basic.RootRoleImpl"
> uri="/users/root">
> <revision>
> <property name="password">root</property>
> </revision>
> </objectnode>
>
> This last part seems to use the whole classname
> slideroles.basic.RootRoleImpl
>
> to assign this level of access to root?
>
> So why define:
>
> <role name="admin">slideroles.basic.RootRole</role>
>
> at the top?
>
>
> Any help with this or a few sentences to explain how all this fits would be
> much appreciated.
Yes, it's indeed confusing, between:
- the user names declared in the servlet container realm
- the security constraint roles
- the Slide users
- the Slide roles (and esp the class names which are different from the role
name)
I'll try to modify the default configuration so that it's less confusing.
A nice way to reduce the amount of different types of roles / users in your
system is to try to use the SlideRealm + Catalina. In the past, versions of
Tomcat 4 packaged with Slide were available, but it was very time consuming
to maintain the packaging as both products evolved a lot. Now that TC 4 is
more stable (as well as Slide), I think it would be a good idea to start
again.
Remy
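
The sketch below is an added example, not part of the original thread or of Slide itself. It lists the kinds of names discussed above side by side and flags the ones that do not match as plain strings. The `<slide>` and `<web-app>` wrappers and the literal string comparison are assumptions made for illustration, not a description of how Slide resolves roles.

```python
import xml.etree.ElementTree as ET

# Constructed, well-formed fragments built from the lines quoted in the thread.
# The <slide> and <web-app> wrappers are assumptions added so the text parses.
DOMAIN_XML = """<slide>
<role name="admin">slideroles.basic.RootRole</role>
<role name="guest">slideroles.basic.GuestRole</role>
<permission action="/actions" subject="admin"/>
<permission action="/actions/read" subject="user"/>
<objectnode classname="slideroles.basic.GuestRoleImpl" uri="/users/guest">
<revision><property name="password"></property></revision></objectnode>
<objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/root">
<revision><property name="password">root</property></revision></objectnode>
</slide>"""
WEB_XML = """<web-app><security-constraint><auth-constraint>
<role-name>root</role-name><role-name>guest</role-name>
</auth-constraint></security-constraint></web-app>"""

def inventory(domain_xml, web_xml):
    """Collect each kind of name separately so they can be compared."""
    dom, web = ET.fromstring(domain_xml), ET.fromstring(web_xml)
    users = {}
    for node in dom.iter("objectnode"):
        uri = node.get("uri", "")
        if uri.startswith("/users/"):
            pw = node.find("./revision/property[@name='password']")
            users[uri.rsplit("/", 1)[1]] = {
                "classname": node.get("classname"),
                "password": None if pw is None else (pw.text or ""),
            }
    return {
        "constraint_roles": {e.text.strip() for e in web.iter("role-name")},
        "slide_roles": {r.get("name"): r.text.strip() for r in dom.iter("role")},
        "subjects": {p.get("subject") for p in dom.iter("permission")},
        "users": users,
    }

def findings(inv):
    """Report names that do not line up, plus weak stored passwords."""
    roles, out = set(inv["slide_roles"]), []
    for r in sorted(inv["constraint_roles"] - roles):
        out.append(f"web.xml role-name '{r}' is not a Domain.xml role name")
    for s in sorted(inv["subjects"] - roles):
        out.append(f"permission subject '{s}' is not a Domain.xml role name")
    for name, u in sorted(inv["users"].items()):
        if u["password"] == "":
            out.append(f"user '{name}' has an empty password property")
        elif u["password"] == name:
            out.append(f"user '{name}' has a password equal to its name")
    return out

if __name__ == "__main__":
    print("\n".join(findings(inventory(DOMAIN_XML, WEB_XML))))
```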