you didn't mention your version, but filters are a 4.x feature. There are filter examples in the 'examples' context under /WEB-INF/classes/filters
Charlie > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 01, 2002 12:47 PM > To: [EMAIL PROTECTED] > Subject: RE: Security Realm Limitations (More on protecting PDF > documents. > > > > you can use a filter to do this programatically. You can use > > request.isUserInRole("myrole") to see if they are in a given role. > > > > What do you mean my "usa filter"? > Can you point me to docs/examples? > > > you can reload web.xml by using manager to stop/start(not > reload) the > > application. This will only affect the requested context as > opposed to > > restarting tomcat. > > > > Charlie > > > >> -----Original Message----- > >> From: Brad Rhoads [mailto:[EMAIL PROTECTED]] > >> Sent: Friday, June 28, 2002 5:29 PM > >> To: 'Tomcat Users List'; [EMAIL PROTECTED] > >> Subject: RE: Security Realm Limitations (More on protecting PDF > >> documents.) > >> > >> > >> Is there an API that so I can update the web.xml programaticly? > >> > >> Other options that wouldn't require restarting Tomcat? While > >> the # of PDFs > >> will not change often, access will. I assume I'd also have to > >> restart Tomcat > >> to change <auth-contraint>s; It looks like I'll have to > >> create a role for > >> each user. > >> > >> Along the same lines, it looks like the JDBC Realm let's you > >> specify a DB > >> table for users, but for resources and their roles??? > >> > >> -----Original Message----- > >> From: August Detlefsen [mailto:[EMAIL PROTECTED]] > >> Sent: Friday, June 28, 2002 4:16 PM > >> To: Tomcat Users List; [EMAIL PROTECTED] > >> Subject: Re: Security Realm Limitations (More on protecting PDF > >> documents.) > >> > >> > >> You can define a different <security-restraint> for each PDF, and > >> assign the required roles to that: > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>PDF for Group One</web-resource-name> > >> <url-pattern>/group_1_only.pdf</url-pattern> > >> </web-resource-collection> > >> <auth-constraint> > >> <role-name>group1</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>PDF for Group Two</web-resource-name> > >> <url-pattern>/group_2_only.pdf</url-pattern> > >> </web-resource-collection> > >> <auth-constraint> > >> <role-name>group2</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>Shared PDF</web-resource-name> > >> <url-pattern>/everybody.pdf</url-pattern> > >> </web-resource-collection> > >> <auth-constraint> > >> <role-name>group1</role-name> > >> <role-name>group2</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> > >> This will make for a big, unwieldy web.xml though, and it > will require > >> restarting tomcat every time you add a new PDF (do they change > >> frequently)? > >> > >> Do security constraints follow symlinks? Maybe you could create two > >> protcted directories (group1, group2) and then symlink the > >> files from a > >> central repository? > >> > >> > >> > >> --- Brad Rhoads <[EMAIL PROTECTED]> wrote: > >> > > >> > I've determined that I can use security realms to protect PDF > >> > documents. > >> > (See > > http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html > >> if you > >> happen to be getting started on this problem). > >> > >> I need to be able to give access to one set of pdfs to one group of > >> users, > >> and to different sets for other groups of users. It looks > like I can > >> accomplish this much by creating separate directories for > each group > >> and > >> setting up a role for each group. But I have two related problems > >> left: > >> > >> 1. The same PDF may be available to multiple groups. It > seems that I > >> would > >> have to maintain duplicate copies of the PDFs, one for each group. > >> > >> 2. This group level security provides the base list of > available PDFs. > >> I > >> need to be able to take away access to documents from certain users > >> within a > >> group. > >> > >> Suggestions? Or better yet examples? > >> > >> > >> > >> > >> -- > >> To unsubscribe, e-mail: > >> <mailto:[EMAIL PROTECTED]> > >> For additional commands, e-mail: > >> <mailto:[EMAIL PROTECTED]> > >> > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> For additional > > commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>