On 16 Jan 2003 at 16:57, James Higginbotham wrote: > > That means, Slide must know about your users AND Tomcat must > > know. Because Tomcat does authentication and Slide does > > authorization. See the following message: > > I hope this isn't the case always, but rather just the slide > defaults.. Please tell me that either the JDBC or J2EE datastores > will allow the admin Gui to use some more sophisticated means of > managing users and groups without syncing with the tomcat > security (via a custom realm for Tomcat perhaps)?
There must be a SlideRealm, which tells Tomcat to pull user info from Slide. I haven't used it yet, so I can't tell you more. But there is something in the docs at Tomcat Howto. > > Also, can you tell me (from a high view, I'll see the source from > your hints) where/how you are performing authorization in the > code? I may want to plugin a custom realm that can talk to a DB > or some datasource that the admin GUI can push ids into, rather > than syncing them if you don't have something like that already.. SecurityImpl does the authorization. Look at it's method hasPermission(...). Everytime you try to read something with the Content or Structure helpers the check is performed. If the user, which was used to initialise the SlideToken, hasn't got enough rights, an AccessDeniedException is thrown. Andreas > > > Thanks, > James > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> For additional > commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
