Thanks for the clarification. Regarding "Bottom line, currently you have to create nodes for your users/groups and classes for your roles."
Does this mean for a node ( user), It can NOT have multiple roles UNLESS a class is created to implement multiple interface? For group, it seem more convenient to use. Is there a way to assign a user to a group besides add a entry in the Domain.xml file? Thanks for the help. Jiantao -----Original Message----- From: Dirk Verbeeck [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 03, 2001 5:49 PM To: [EMAIL PROTECTED] Subject: Re: Role based access Jiantao Pan wrote: > > I am using tomcat4.0 and slide recent build. It uses > JDBCDescriptorsStore with mysql and FileContentStore > It is configured to use JDBCRealm for authentication and role > assignment. I have setup a user with role "root" and "groupA". And in > permissions table, both root and groupA has write access to files. > However, When I tries to Put a file. It give me forbidden response. > Am I missing something? I am not clear with the following 2 questions. > Maybe they are related to my problem... > 1. When I insert a row in my user table, Then the new user can be > authenticated and associated with certain role. But it is not inserted > in the "objects" table, will this matter? > 2. In web.xml, there is entries to open access for certain roles,which I > uncomment to enable security. There is also "permissions" table for > controlling access, what is the relationship between them? > Thanks for the help. > Jiantao The tomcat roles have nothing to do with the slide groups or roles. 1) The roles that you configure in the JDBCRealm from tomcat are only used for granting access to the servlet (the roles that are in web.xml). Your user jpan has a realm role root and has access to the servlet. 2) Slide roles are defined like this (RootRole is a java interface) <role name="root">slideroles.basic.RootRole</role> For your user to have this role, he has to be of a class that implements that interface. <objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/jpan"> RootRoleImpl is a class that implements the RootRole interface. It will then match: <permission action="/actions" subject="root"/> 3) A Slide group is GroupNode that has links to other nodes (its members) <objectnode classname="org.apache.slide.structure.GroupNode" uri="/users/groupA"> <objectnode classname="org.apache.slide.structure.LinkNode" uri="/users/groupA/jpan" linkedUri="/users/jpan" /> </objectnode> When you grant a permission to a group you have put a "+" sign in front of the principal to indicate its a group: <permission action="/actions/write" subject="+/users/groupA"/> Bottom line, currently you have to create nodes for your users/groups and classes for your roles. Hope this helps Dirk
