On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote:
> Alessandro Colantoni wrote:
>
> > Thanks for the rapid answer!
> >What do you mean by "filter the roles of second level"?

You can still use container based authentication. Especially if you're
already set up to do so.. Just make sure that all users have at least
one role that doesn't get changed or deleted from the database..

> >How can I do that? If they are not in the auth-constraint and in the
> >role-name list they can't access.
> >Do I have to write a filter class?

I think that even if you don't configure a role in web.xml, the
role principals will still be added at login. Let's say that a
jdbc/datasource login queries the database and finds the following
roles: webuser, admin, bigcheese, etc..

Let users with the webuser role gain preliminary access to the system.
So webuser is the role configured in your web.xml ...

But like you say, how do you ensure that a user doesn't access
something s/he shouldn't.. Well, you need to check someplace else, like
a servlet filter (you need servlet API 2.3 or above).

I assume that you keep a record of the resource/jsp in the database
also to have dynamic control over which roles can access which page.

// Needs javax.servlet.* and javax.servlet.http.* (Servlet API 2.3+).
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {

   HttpServletRequest request = (HttpServletRequest) req;
   HttpServletResponse response = (HttpServletResponse) res;

   String page = request.getServletPath();   // page being requested
   String[] roles = rolesForPage(page);      // roles that can access this page, from db..
                                             // (rolesForPage is your own lookup; not shown here)

   boolean canAccessPage = false;
   for(int i = 0;i < roles.length;i++) {
      if(request.isUserInRole(roles[i])) {
         canAccessPage = true;
         break;
      }
   }

   if(canAccessPage) {
       chain.doFilter(req, res);                              //allow
   } else {
     response.sendError(HttpServletResponse.SC_FORBIDDEN);    //deny
   }

}

I typed "how to write servlet filter" into our friend Google

http://javaboutique.internet.com/tutorials/Servlet_Filters/

> >In this class, retrieve the role of the user
> >and if it is one of the second level, skip the container authentication?

Depends what you need.. My suggestion has the limitation that if the
user is editing his/her own permissions, s/he needs to log in again for
them to take effect.

It might be easier to check everything inside the application and not
use the container-managed authentication, but those are your
choices..

> >Am I on the right track, or did I misunderstand everything?

I think you're on the right track..

Mark

> >
> >
> Or you could try this:
> http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
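A complete filter along the lines Mark sketches, as an added example that is not Mark's code or part of the thread. The container (e.g. a Tomcat JDBCRealm) has already authenticated the user and attached the roles; web.xml only requires the base "webuser" role, and this filter does the per-page check. The class name PageRoleFilter, the PAGE_ROLES map and the paths in it are assumptions standing in for the page-to-roles table the reply expects to live in the database; it assumes Servlet API 2.3+ and Java 5 syntax.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Second-level authorization filter (hypothetical class, added example).
 * The container already authenticated the user and assigned roles; this
 * filter decides, per page, which of the finer-grained roles may open it.
 */
public class PageRoleFilter implements Filter {

    // Constructed stand-in for the page->roles table the reply assumes is
    // kept in the database. Keys are servlet paths, values the roles allowed.
    private static final Map<String, List<String>> PAGE_ROLES =
            new HashMap<String, List<String>>();
    static {
        PAGE_ROLES.put("/admin/users.jsp", Arrays.asList("admin", "bigcheese"));
        PAGE_ROLES.put("/reports/summary.jsp", Arrays.asList("webuser", "admin"));
    }

    public void init(FilterConfig config) throws ServletException {
        // nothing to configure in this example
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // No principal means the container's login-config did not run for
        // this URL; refuse rather than fall through to the page.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Use servlet path + path info, not the raw request URI, so the
        // context path and query string cannot disturb the lookup.
        String page = request.getServletPath();
        if (request.getPathInfo() != null) {
            page = page + request.getPathInfo();
        }

        // Default deny: a page with no row in the table is open to nobody.
        List<String> allowed = PAGE_ROLES.get(page);
        if (allowed == null) {
            allowed = Collections.emptyList();
        }

        if (isUserInAnyRole(request, allowed)) {
            chain.doFilter(req, res);                               // allow
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);   // deny
        }
    }

    // True if the container says the user holds at least one of the roles.
    static boolean isUserInAnyRole(HttpServletRequest request, List<String> roles) {
        for (String role : roles) {
            if (request.isUserInRole(role)) {
                return true;
            }
        }
        return false;
    }

    public void destroy() {
    }
}
```

Map it in web.xml with a filter-mapping whose url-pattern is /* so every protected page passes through it; the security-constraint for "webuser" stays in place so the container still performs the login before the filter runs. The filter reads roles through request.isUserInRole(), so, as the reply notes, a user who changes his/her own roles in the database only sees the change after logging in again.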
