Tony If you use the newly committed JNDIRealm, you can easily arrange that each user has a role whose name is the same as their username. Just set "userRoleName" to "uid" (or whatever attribute of the user's directory entry holds the username) and your security constraint below should work.
Authorisation by username will is also possible with the original JNDIRealm, if you define a suitable role search, but you couldn't then use LDAP groups for authorisation as well. John. At 22:14 14/03/02, Tony Dahbura wrote: >I would like to set up my realm to allow folks in by userid not by >rolename. > >I do not know what the tag for the web.xml file should be The following >is a sample security constraint. >The role names are working fine, but I need to say if a user is tony or >user is x then allow them in, but without the use of >roles. > ><security-constraint> > <display-name>Example Security Constraint</display-name> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <!-- Define the context-relative URL(s) to be protected --> > <url-pattern>/jsp/security/protected/*</url-pattern> > <!-- If you list http methods, only those methods are protected --> > > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area >--> > <!-- the following does not work because tony is a userid not a >rolename --> > <!-- what tag should I use to get this to work so userid tony >can access the application space? --> > <role-name>tony</role-name> > <role-name>marketing</role-name> > <role-name>role1</role-name> > </auth-constraint> > </security-constraint> > >Thanks, >Tony > > > >-- >To unsubscribe: <mailto:[EMAIL PROTECTED]> >For additional commands: <mailto:[EMAIL PROTECTED]> >Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
