Hi! and good morning (but probably we 're on different continents) I don't undertand the last pos where you say. >I had the impression he already had.. I don't get how posting this >helps, i must have misunderstood something.. Can you explain please?
Anyway thanks for accurate explication. I'll go studing how to write the filter class I think that as you say the right way is to have at least one role mapped on web.xml, forbid to delete it from database and ensure all user have this rol. So I can still use the yet configured container based authentication. Than check for permission in each page in the filter class, or, i was thinking check it directly in the jsp. I was thinking write a taglib to do so. (that should check if the user has at least a role that has at least one of the permissions for this page) Wich is the difference between jsp solution and filter class solution? Is filter class more secure? Thanks a lot Ciao! PS . good italian. What does it mean schete? On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote: > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote: > > Alessandro Colantoni wrote: > > > > > Thanks for rapid answer! > > >What do you mean with filter the roles of second level. > > >How can I do that? if they are not in the auth-constraint and in the > role > > >name list they can't access. > > >have O to write a filter class? in this class retrieve the role of the > user > > >and if is one of the second level skip the container authentication? > > >I'm in the right way or I misunderstand all? > > > > > > > > Or you could try this: > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html > > I had the impression he already had.. I don't get how posting this > helps, i must have misunderstood something.. Can you explain please? > > Mark > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
