To my knowledge the servlet config is frozen on start up.. My guess would be that you'll need to have a general access role or roles (those that wont be deleted/modified in your database.. And then have a second level of access control in your application.. At this point it would be easier just having all the authentication done in the web app, and not using the container.
One idea would be to have a filter that handles the second level of authentication that checks the db for the modifyable user roles. Mark On 3/16/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote: > Hi all! > In my application I need to define roles dynamically. I need to create and > delete roles and associate them to a permissions table. > I want the user authenticate with a form. > The problem is that in web.xml I have to define statically the role names. > > > > This is the involved piece of my web.xml > <security-constraint > > <web-resource-collection> > <web-resource-name>Main</web-resource-name> > <url-pattern>/do/main</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>C</role-name> > <role-name>E</role-name> > <role-name>EQ</role-name> > <role-name>F</role-name> > <role-name>L</role-name> > <role-name>M</role-name> > <role-name>P</role-name> > <role-name>PS</role-name> > <role-name>TO</role-name> > <role-name>TS</role-name> > <role-name>V</role-name> > <role-name>0</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <realm-name>JDBCRealm</realm-name> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/login-err.jsp</form-error-page> > </form-login-config> > </login-config> > <security-role> > <role-name>C</role-name> > <role-name>E</role-name> > <role-name>EQ</role-name> > <role-name>F</role-name> > <role-name>L</role-name> > <role-name>M</role-name> > <role-name>P</role-name> > <role-name>PS</role-name> > <role-name>TO</role-name> > <role-name>TS</role-name> > <role-name>V</role-name> > <role-name>0</role-name> > </security-role> > > If I create a new role called NEWROLE how can I make it authorized? > Is there a way to change dynamically this piece of web.xml? For example some > api that add a new entry <role-name>NEWROLE </role-name> > Analogously if I delete a role I want it no more authorized. > Has this problem a solution? > > Thanks for attention > Alessandro > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]