Barry, I'm looking for a way to disable the user by taking them out of one role, but leaving them in the roles they were in before they were disabled (for informational purposes). I didn't think it would be possible, but I wanted to throw it out there in case I missed something. What you are suggesting may also be suitable.
Thanks, Ryan On 3/21/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
I know you can assign different roles to an app, and to a user, and make that user need one role to get to one part and an additional role to access a separate part of the app, but the entire app? Not sure about that. I've got people in my users table that have to have multiple roles for several tasks within my app. If they only have one role, they're able to do a certain part of the app, but not all of it. Is this what you're trying to accomplish? -----Original Message----- From: Ryan [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 21, 2007 8:39 AM To: users@tomcat.apache.org Subject: requiring multiple roles for access Hi All, I would like to require a user to belong to two roles to access a certain application (i.e. user must belong to role1 AND role2 to access). I've tried the following in my web.xml.... <auth-constraint> <role-name>role1</role-name> <role-name>role2</role-name> </auth-constraint> Unfortunately, this doesn't seem to work (it seems to allow role1 OR role2). Is what I'm trying to do possible?? Thanks, Ryan --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
