Howdy,

The Subject you get back from the JAAS realm will have one Principal for the identity typically, and 0 or more Principals for the Roles the Subject has. It is these Roles you use for authorization. You have to define in your app the logic that Role1 may see reports 1,3,5 while Role2 may see reports 2,4,6. Then when you get the Subject back from the JAAS realm, look through it to see what Roles it has.

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Maksimenko Alexander [mailto:[EMAIL PROTECTED]
>Sent: Thursday, March 27, 2003 11:24 AM
>To: Tomcat Users List
>Subject: Re: JAAS authorization in Servlet2.3
>
>> Howdy,
>> Configure tomcat in server.xml to use a JAAS realm. This is a good
>> place to start reading:
>> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/org/apache/catalina/realm/JAASRealm.html
>
>As I understand JAASRealm is used for authentication of users. But I have to
>check if the user has permissions to fulfill some actions or not. For
>example user1 may see only 1,3,5-th reports and user2 may see only 2,4,6.
>
>>
>> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
>>
>> Yoav Shapira
>> Millennium ChemInformatics
>>
>> >-----Original Message-----
>> >From: Maksimenko Alexander [mailto:[EMAIL PROTECTED]
>> >Sent: Thursday, March 27, 2003 10:07 AM
>> >To: List Tomcat Users
>> >Subject: JAAS authorization in Servlet2.3
>> >
>> >Can I use JAAS as access controller in servlet 2.3 environment?
>>
>> This e-mail, including any attachments, is a confidential business
>> communication, and may contain information that is confidential, proprietary
>> and/or privileged. This e-mail is intended only for the individual(s) to
>> whom it is addressed, and may not be saved, copied, printed, disclosed or
>> used by anyone else. If you are not the(an) intended recipient, please
>> immediately delete this e-mail from your computer system and notify the
>> sender. Thank you.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
