Read the security section in the Servlet FCS

http://jcp.org/aboutJava/communityprocess/first/jsr053/index.html

Basically, you can control access to files using security-constraint and
url-pattern elements.

Example:


  <security-constraint>
    <display-name>Tomcat Server Configuration Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- /* is the path mapping for the whole webapp; "*.*" would be read as
           an extension mapping for the extension "*" and would match nothing. -->
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>TimeOff</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <description>
      The role that is required to log in to the Administration Application
    </description>
    <role-name>TimeOff</role-name>
  </security-role>


-Andrew
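The same declarative approach as a fuller web.xml, added here as an example rather than taken from Andrew's message or from Tomcat: the role TimeOff and the login/error pages come from the thread, while the /timeoff/* and /fragments/* paths and the realm name are assumed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Constructed example, not from the original post. Role TimeOff and the
     login/error pages are from the thread; the paths are assumed. -->
<web-app>
  <!-- Everything under /timeoff/ needs an authenticated user in role TimeOff.
       Use a path mapping (/timeoff/*); "*.*" is read as an extension mapping
       for the extension "*" and protects nothing. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Time-off pages</web-resource-name>
      <url-pattern>/timeoff/*</url-pattern>
      <!-- No http-method elements: the constraint covers every method.
           Listing only GET and POST would leave the others unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>TimeOff</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so the form credentials are not sent in clear text. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- An empty auth-constraint denies everyone: use it for JSP fragments kept
       outside WEB-INF that should only be reached by a server-side forward. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Internal fragments</web-resource-name>
      <url-pattern>/fragments/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Time-off application</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint must also be declared here. -->
  <security-role>
    <role-name>TimeOff</role-name>
  </security-role>
</web-app>
```

With this in place no JSP has to check roles itself; the container rejects unauthorized requests before they reach the page, and request.isUserInRole() is only needed for finer decisions inside an already protected page.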

> -----Original Message-----
> From: Alexander Wallace [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, August 12, 2002 10:44 AM
> To: Tomcat Users List
> Subject: user's roles verification
> 
> 
> 
> 
> I've got (I think) Realms working. I need some advice for 
> good practices...
> 
> My original idea (before hearing about realms and such) was 
> to direct all requests for any resource of my webapp to a 
> servlet that would verify user roles.
> 
> Then I was told here that I would run into a lot of problems 
> if I did that. And was recommended to check filters and that 
> realms are for this purpose.
> 
> Here is my main question: Using realms, should each jsp 
> verify the role of the user trying to access it? Or is there 
> a more elegant way to do it, to keep code in jsp minimum and 
> centralize that task?
> 
> The verification will have to happen for each one of the 
> pages in my web app..
> 
> Thank you in advance!
> 
> 
> 
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

