Thanks for the rapid answer! What do you mean by filtering the roles at the second level? How can I do that? If they are not in the auth-constraint and in the role-name list, they can't access. Do I have to write a filter class? In this class, retrieve the role of the user and, if it is one of the second level, skip the container authentication? Am I on the right track, or have I misunderstood everything?
Thanks

On 3/16/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
>
> To my knowledge the servlet config is frozen on start up.
>
> My guess would be that you'll need to have a general access role or
> roles (those that won't be deleted/modified in your database). And then
> have a second level of access control in your application. At this
> point it would be easier just having all the authentication done in
> the web app, and not using the container.
>
> One idea would be to have a filter that handles the second level of
> authentication that checks the db for the modifiable user roles.
>
> Mark
>
> On 3/16/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > Hi all!
> > In my application I need to define roles dynamically. I need to create and
> > delete roles and associate them to a permissions table.
> > I want the user to authenticate with a form.
> > The problem is that in web.xml I have to define statically the role names.
> >
> > This is the involved piece of my web.xml
> >
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>Main</web-resource-name>
> >     <url-pattern>/do/main</url-pattern>
> >     <http-method>POST</http-method>
> >     <http-method>GET</http-method>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>C</role-name>
> >     <role-name>E</role-name>
> >     <role-name>EQ</role-name>
> >     <role-name>F</role-name>
> >     <role-name>L</role-name>
> >     <role-name>M</role-name>
> >     <role-name>P</role-name>
> >     <role-name>PS</role-name>
> >     <role-name>TO</role-name>
> >     <role-name>TS</role-name>
> >     <role-name>V</role-name>
> >     <role-name>0</role-name>
> >   </auth-constraint>
> >   <user-data-constraint>
> >     <transport-guarantee>NONE</transport-guarantee>
> >   </user-data-constraint>
> > </security-constraint>
> > <login-config>
> >   <auth-method>FORM</auth-method>
> >   <realm-name>JDBCRealm</realm-name>
> >   <form-login-config>
> >     <form-login-page>/login.jsp</form-login-page>
> >     <form-error-page>/login-err.jsp</form-error-page>
> >   </form-login-config>
> > </login-config>
> > <security-role>
> >   <role-name>C</role-name>
> >   <role-name>E</role-name>
> >   <role-name>EQ</role-name>
> >   <role-name>F</role-name>
> >   <role-name>L</role-name>
> >   <role-name>M</role-name>
> >   <role-name>P</role-name>
> >   <role-name>PS</role-name>
> >   <role-name>TO</role-name>
> >   <role-name>TS</role-name>
> >   <role-name>V</role-name>
> >   <role-name>0</role-name>
> > </security-role>
> >
> > If I create a new role called NEWROLE how can I make it authorized?
> > Is there a way to change dynamically this piece of web.xml? For example some
> > API that adds a new entry <role-name>NEWROLE </role-name>
> > Analogously if I delete a role I want it no more authorized.
> > Has this problem a solution?
> >
> > Thanks for your attention
> > Alessandro
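
The second-level check suggested in the quoted reply, sketched as a servlet filter. This is an added example, not code from either poster. It assumes web.xml keeps one static role (for instance "user") in the auth-constraint so the container still handles the FORM login, and that the filter is mapped to the protected URLs. The table names, column names and JNDI name are hypothetical.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Second-level authorization: the container enforces only one static role;
// this filter checks the editable roles in the database on every request,
// so a created or deleted role takes effect without touching web.xml.
public class DynamicRoleFilter implements Filter {
    // Hypothetical schema: user_roles(user_name, role_name),
    // role_permissions(role_name, path).
    private static final String SQL =
        "SELECT 1 FROM user_roles ur JOIN role_permissions rp "
      + "ON ur.role_name = rp.role_name "
      + "WHERE ur.user_name = ? AND rp.path = ?";
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try { // JNDI name is an assumption
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/authdb");
        } catch (NamingException e) {
            throw new ServletException("auth DataSource not found", e);
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser(); // set by the container's FORM login
        String path = req.getServletPath()
                    + (req.getPathInfo() == null ? "" : req.getPathInfo());
        boolean allowed = false; // deny by default
        if (user != null) {
            try (Connection c = ds.getConnection();
                 PreparedStatement ps = c.prepareStatement(SQL)) {
                ps.setString(1, user);
                ps.setString(2, path);
                try (ResultSet r = ps.executeQuery()) { allowed = r.next(); }
            } catch (SQLException e) {
                throw new ServletException("role lookup failed", e); // fail closed
            }
        }
        if (allowed) chain.doFilter(rq, rs);
        else res.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    public void destroy() { }
}
```

With a servlet mapped to `/do/*`, a request for `/do/main` yields the path `/do/main`, so a `role_permissions` row with that path grants access to every user holding the matching role.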
