Barry,

This is a good implementation, and yes, it does make sense. I did go with a
different implementation, though: essentially, I created a new table that
stores the user's previous roles and timestamps them when the user is
disabled. When they are re-enabled, I just put the role data back into the
roles table so there's no change in their previous access. This way, the JSP
developers don't have to think about it; it just happens in the background.
It's probably not the best implementation, but it'll do ;-).

By the way, I've given up on the role combo login; I was just hoping when I
wrote that one.

Thanks,
Ryan


On 3/22/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:

Hey Ryan,

I didn't end up catching it, only because the people getting the email
that would log in to the "voting section," it doesn't come into play for
them.

In other words, if they get the email, they're already in the DB as a user
and have the necessary role.


If I was going to catch it, I'd need to catch it in this JSP, the way I
wrote it. The architecture I used on this one file was not ideal, as I have
three select query statements residing within it.

What I could stand to do, and would do, is catch it in the JSP, but
probably by the declared string variable I have, called jrole.

jrole in this case is one of admin, service, legal, risk, etc.

So if they're not one of four roles, I need to throw in a catch block for
the SQL Exception there, otherwise I'd get an exhausted results set error,
or invalid cursor state, if it can't find the matching role.

Does this make sense? Or help you any? Sorry if it wasn't of more help.

Let me know. And let me know more so the way your site/app is structured;
for example, who needs to go to a protected area, what roles, etc.

I don't think you can make it have a dual/double login layer. Wouldn't
make too much sense anyway as they'd have to use the same combo and that
would defeat the session purpose anyway.

-----Original Message-----
From: Ryan [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 22, 2007 9:35 AM
To: Tomcat Users List
Subject: Re: requiring multiple roles for access


Barry,

Regarding your method below, do you catch this method in JSP or somewhere
else?

Thanks,
Ryan


On 3/21/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
>
> I don't know about disabling users, as I haven't tried something like
> that, and there may be ways of tiering the access in regards to roles,
> which I technically haven't tried either.
>
> But what I have is a group of people who absolutely have to access one
> portion, and then some "admins" who have to access another. But for
> reasons you can probably imagine, I certainly don't want it wide open to
> anyone with an account. So I've got it gated as such in this manner.
> Does this make sense? Another thing I did was run separate select
> queries from the users and "approvers" table, one I created and linked
> together by a unique ID. If someone contained one role, they could access
> this section. If not, in another case, an exception is thrown, which I
> didn't catch properly right away, but it doesn't let that user into the
> section.
>
> Let me know if you need more insight into it.
>
> Good luck with it Ryan!
>
> -----Original Message-----
> From: Ryan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 21, 2007 2:22 PM
> To: Tomcat Users List
> Subject: Re: requiring multiple roles for access
>
>
> Barry,
>
> I'm looking for a way to disable the user by taking them out of one
> role, but leaving them in the roles they were in before they were
> disabled (for informational purposes). I didn't think it would be
> possible, but I wanted to throw it out there in case I missed something.
> What you are suggesting may also be suitable.
>
> Thanks,
> Ryan
>
>
> On 3/21/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
> >
> > I know you can assign different roles to an app, and to a user, and
> > make that user need one role to get to one part and an additional role
> > to access a separate part of the app, but the entire app? Not sure about
> > that.
> >
> > I've got people in my users table that have to have multiple roles for
> > several tasks within my app. If they only have one role, they're able
> > to do a certain part of the app, but not all of it. Is this what you're
> > trying to accomplish?
> >
> > -----Original Message-----
> > From: Ryan [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 21, 2007 8:39 AM
> > To: users@tomcat.apache.org
> > Subject: requiring multiple roles for access
> >
> >
> > Hi All,
> >
> > I would like to require a user to belong to two roles to access a
> > certain application (i.e. user must belong to role1 AND role2 to
> > access). I've tried the following in my web.xml....
> >       <auth-constraint>
> >            <role-name>role1</role-name>
> >            <role-name>role2</role-name>
> >       </auth-constraint>
> >
> > Unfortunately, this doesn't seem to work (it seems to allow role1 OR
> > role2). Is what I'm trying to do possible??
> >
> > Thanks,
> > Ryan
> >
>
