On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > Hi! and good morning (but probably we're on different continents)

Assuming you're in Italy, we're in the same country..

> >
> > I don't understand the last post where you say.
> > >I had the impression he already had.. I don't get how posting this
> > >helps, I must have misunderstood something.. Can you explain please?
> >
> > Anyway thanks for accurate explication.
> > I'll go studying how to write the filter class
> > I think that as you say the right way is to have at least one role mapped on
> > web.xml, forbid to delete it from database and ensure all users have this
> > role.
> > So I can still use the yet configured container based authentication.
> > Then check for permission in each page in the filter class, or, I was
> > thinking check it directly in the jsp.
> > I was thinking write a taglib to do so. (that should check if the user has
> > at least a role that has at least one of the permissions for this page)
> > Which is the difference between jsp solution and filter class solution?
> > Is filter class more secure?

I did forget to outline the advantages of defining this stuff in jsp.. You
don't need to have a reference to the page in your database.. Which I guess
is a big advantage.. Again it's your choice..

Mark

>
> It's more secure in that you don't depend on jsp folk on getting it
> right, given that you're having to do some view controller stuff in your
> db it would seem a shame not to control this in a filter... You can
> also deactivate the filter during development and let jsp folk write
> decent markup, without giving them the secondary problem of security
> logic.
>
> You could just write a simple bean (as another option) and use the
> trusty useBean tag, but you'll be depending on jsp folk on getting
> this right.. A filter is just tidier..
>
> > Thanks a lot
> > Ciao!
> >
> > PS. Good Italian. What does it mean schete?
> My bad spelling for "scelte"
>
> mark
>
> > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > >
> > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote:
> > > > Alessandro Colantoni wrote:
> > > >
> > > > > Thanks for rapid answer!
> > > > >What do you mean with filter the roles of second level.
> > > > >How can I do that? If they are not in the auth-constraint and in the role
> > > > >name list they can't access.
> > > > >Have I to write a filter class? In this class retrieve the role of the user
> > > > >and if is one of the second level skip the container authentication?
> > > > >I'm in the right way or I misunderstand all?
> > > >
> > > > Or you could try this:
> > > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
> > >
> > > I had the impression he already had.. I don't get how posting this
> > > helps, I must have misunderstood something.. Can you explain please?
> > >
> > > Mark
> > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
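
The filter approach discussed in this thread, as an added example that is not code from any of the posters: a servlet filter that runs after container authentication and lets a request through only if the user holds at least one role carrying at least one permission required by the page. The class name, page paths, role names, permission names and the two in-memory maps are constructed stand-ins for the database tables. It also assumes the realm reports the database roles through `isUserInRole` and that the filter is mapped only to protected pages, since pages missing from the table are denied.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class): per-page permission check after container login.
public class PagePermissionFilter implements Filter {
    // Constructed stand-ins for the page->permission and role->permission tables.
    private final Map<String, Set<String>> pagePermissions = new HashMap<String, Set<String>>();
    private final Map<String, Set<String>> rolePermissions = new HashMap<String, Set<String>>();

    public void init(FilterConfig config) {
        pagePermissions.put("/admin/users.jsp", set("USER_EDIT"));
        pagePermissions.put("/reports/sales.jsp", set("REPORT_VIEW", "REPORT_EXPORT"));
        rolePermissions.put("manager", set("REPORT_VIEW"));
        rolePermissions.put("sysadmin", set("USER_EDIT", "REPORT_EXPORT"));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();
        Set<String> required = pagePermissions.get(path);
        // Deny by default: unlisted pages and unauthenticated requests get 403.
        if (required == null || request.getRemoteUser() == null || !allowed(request, required)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    // True if the user has at least one role holding at least one required permission.
    private boolean allowed(HttpServletRequest request, Set<String> required) {
        for (Map.Entry<String, Set<String>> e : rolePermissions.entrySet()) {
            if (request.isUserInRole(e.getKey()) && !Collections.disjoint(e.getValue(), required)) {
                return true;
            }
        }
        return false;
    }

    private static Set<String> set(String... names) {
        return new HashSet<String>(Arrays.asList(names));
    }

    public void destroy() { }
}
```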