Didn't you say that all of your auth information is in a database? Why would you need to write an XML file?
John > -----Original Message----- > From: Steve Vanspall [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 05, 2002 7:39 PM > To: Tomcat Users List > Subject: RE: Restrict access to JSP's/URL's > > > Thanks. > > Will be doing that. > > What I was wondering is, is there anything built into tomcat > to allow me to > get say a security level of a certain action. That way seeing > if it matches > the users security level. > > Or will I need to make another xml file of my own to > configure each action, > and which roles can access it? > > regards > > Steve Vanspall > > -----Original Message----- > From: Will Hartung [mailto:[EMAIL PROTECTED]] > Sent: Friday, 6 December 2002 11:18 AM > To: Tomcat Users List > Subject: Re: Restrict access to JSP's/URL's > > > Check out Filters and stick an authorization filter in front of your > restricted URLs > > /Will > > ----- Original Message ----- > From: "Steve Vanspall" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Thursday, December 05, 2002 3:56 PM > Subject: Restrict access to JSP's/URL's > > > > Hi there, > > > > I am using Tomcat 4.1.12 and Strut1.1-b2 (it think that's the struts > > version) > > > > anyway, I can see that Tomcat has a tomcat-users.xml file. > This file, as I > > understand, can restrict access according to a the user-level. > > > > What I want to know is, is there a way to restrict access > to the url/jsp's > > according to a dynamically retrieved user level. > > > > e.g. All our user login id's and passwords are stored in > our database. In > a > > similar table they have a role_cde attributed to them. > > > > Both these beans are stord in the session when someone logs in. > > > > Can I restrict access to certain actions/jsp's similarly to the way > > tomcat-user.xml is used to restrict access? > > > > better yet, is there a non container-specific way to do it. > > > > I would rather not code my own xml file, if there is > already something > built > > in to the architecture I have running. > > > > Any help would be appreciated > > > > Steve Vanspall > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
