Damian, Tim suggested "user/group" or "[EMAIL PROTECTED]". That didn't work for you but what about "role in group" where this is really a set of roles for which you allow the user to specify the group part of the name.
In this case your security model would have roles such as "customer" and "vendor" and groups such as "retail" and "wholesale" but the Tomcat authentication structure would have roles of "retail-customer", "retail-vendor", "wholesale-customer" and "wholesale-vendor". The number of roles may get fairly large and you may want to consider a tool to manage them but the concept would probably work. I think you would have to write your own "isUserInRole" check to allow you to concatenate the variables retrieved from the application but it wouldn't be very complicated. Murray -----Original Message----- From: Damian Minkov [mailto:[EMAIL PROTECTED] Sent: Tuesday, 30 September 2003 19:40 To: [EMAIL PROTECTED] Subject: Custom authenticate For 2 weeks I'm fighting with the authentication in Tomcat. Is it possible to make it authenticate the user with 3 params. For example username, password, and group belongs to. I need the third one because the roles of the user are different for different groups. I tried to make my own Valve and realm and to use the Valve as authenticator but I can't get it work. Some ideas ? 10x in advance --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
