Users can exist without roles.
You need to make sure they are defined in your SLIDE realm and that they are
also explicitly named in the Domain.xml (on initialisation) or added to the
.def.xml for each SLIDE element to ensure they have access.
Once you have these two in synch you can grant or deny any priviledge to them.
Hth
Phil
-----Original Message-----
From: Constantine Vetoshev [mailto:[EMAIL PROTECTED]
Sent: Mon 11/07/2005 23:25
To: slide-user@jakarta.apache.org
Cc:
Subject: Adding a user without updating the group-member-set
This is perhaps more of a Tomcat question than a Slide question, but
here goes anyway:
For my application, I don't need to use Slide roles. Given the way ACEs
work in Slide, I can assign a privilege to any user on an individual
basis, which is exactly what I need. If, however, I create a user
without adding the user to a group-member-set, and then try to log in
as that user, I can't even get to the point of testing the resulting
ACL. Tomcat (5.0.28) throws a 403 error before even trying to run any
Slide code. I put a breakpoint on the first line of the service method
of WebdavServlet, and never reached it.
In a nutshell, I created a user, /users/john3, but did not add him to
any role's group-member-set. Logging in to Slide as john3 fails inside
Tomcat, before any Slide-specific code runs. Presumably, this has to do
with the realm and auth-constraints configured in Tomcat, which somehow
check user IDs and roles against Slide's idea of user roles. I'm using
a completely stock Tomcat configuration (except for adding the slide
realm).
Is it at all possible to use Slide without updating the
group-member-set? I'll never use ACEs which rely on group memberships.
I understand that I can just add all new users to /roles/user when I
create them, and remove them from /roles/user when I delete them, but
it seems like an unnecessary hassle. Are Tomcat and Slide so married to
the idea of roles that it cannot be removed?
Many thanks,
CV
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
IMPORTANT NOTICE
If you have received this e-mail in error or wish to read our e-mail disclaimer
statement and monitoring policy, please refer to the statement below or contact
the sender.
This communication is from Deloitte & Touche LLP. Deloitte & Touche LLP is a
limited liability partnership registered in England and Wales with registered
number OC303675. A list of members' names is available for inspection at
Stonecutter Court, 1 Stonecutter Street, London EC4A 4TR, United Kingdom, the
firm's principal place of business and registered office. Deloitte & Touche
LLP is authorised and regulated by the Financial Services Authority.
This communication and any attachments contain information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of disclosure, distribution, copying or use of this communication
or the information in it or in any attachments is strictly prohibited and may
be unlawful. If you have received this communication in error, please return
it with the title "received in error" to [EMAIL PROTECTED] then delete the
email and destroy any copies of it.
E-mail communications cannot be guaranteed to be secure or error free, as
information could be intercepted, corrupted, amended, lost, destroyed, arrive
late or incomplete, or contain viruses. We do not accept liability for any
such matters or their consequences. Anyone who communicates with us by e-mail
is taken to accept the risks in doing so.
When addressed to our clients, any opinions or advice contained in this e-mail
and any attachments are subject to the terms and conditions expressed in the
governing Deloitte & Touche LLP client engagement letter.
Opinions, conclusions and other information in this e-mail and any attachments
which do not relate to the official business of the firm are neither given nor
endorsed by it.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
