You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jose Euclides da Silva Junior - DATAPREVRJ <Jo...@rj.previdenciasocial.gov.br> on 2003/08/04 22:00:58 UTC

Where can i set Groups and user roles?

Hi guys,
my application should ask for user's authentication and then, associate him
to some skills. My question is easy: what is the easiest way to make it
possible on TomCat's environment?  Is there any xml tag?
Thanks in advance, Euclides.

RE: Where can i set Groups and user roles?

Posted by Murray <mp...@optusnet.com.au>.

Euclides,

Try starting tomcat then look at the examples at
http://localhost:8080/tomcat-docs/realm-howto.html.  You can assign roles to
users based on any of the three realm types but the mechanism is different
in each case.  I have implemented the JDBC based realm model and have a
table in my database which has two columns: user and role.  A user may have
more than one role in my implementation and I have used the request taglib
to ask
	<req:isUserInRole role="leader">
to determine whether or not to display particular parts of a page.  If the
user has a row in the table with role set to "leader" access is allowed.
Note that I discovered it is essential that all protected pages need to
belong to some generic role first before you can gain access to the page to
make the test above.  Thus, if a user is to pass the above test, he must
have at least two entries in the role table: one with "member" and one with
"leader".  The "member" role permits access to the secure part of the
website (as defined in the web.xml snippet below) and the "leader" role
provides additional access controls.

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>ScoutGroup-Secure</web-resource-name>
   <url-pattern>/members/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>
  </auth-constraint>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Murray

-----Original Message-----
From: Jose Euclides da Silva Junior - DATAPREVRJ
[mailto:Jose.Euclides@rj.previdenciasocial.gov.br]
Sent: Tuesday, 5 August 2003 06:01
To: 'tomcat-user@jakarta.apache.org'
Subject: Where can i set Groups and user roles?


Hi guys,
my application should ask for user's authentication and then, associate him
to some skills. My question is easy: what is the easiest way to make it
possible on TomCat's environment?  Is there any xml tag?
Thanks in advance, Euclides.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: Where can i set Groups and user roles?

Posted by Murray <mp...@optusnet.com.au>.

Euclides,

Try starting tomcat then look at the examples at
http://localhost:8080/tomcat-docs/realm-howto.html.  You can assign roles to
users based on any of the three realm types but the mechanism is different
in each case.  I have implemented the JDBC based realm model and have a
table in my database which has two columns: user and role.  A user may have
more than one role in my implementation and I have used the request taglib
to ask
	<req:isUserInRole role="leader">
to determine whether or not to display particular parts of a page.  If the
user has a row in the table with role set to "leader" access is allowed.
Note that I discovered it is essential that all protected pages need to
belong to some generic role first before you can gain access to the page to
make the test above.  Thus, if a user is to pass the above test, he must
have at least two entries in the role table: one with "member" and one with
"leader".  The "member" role permits access to the secure part of the
website (as defined in the web.xml snippet below) and the "leader" role
provides additional access controls.

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>ScoutGroup-Secure</web-resource-name>
   <url-pattern>/members/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>
  </auth-constraint>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Murray

-----Original Message-----
From: Jose Euclides da Silva Junior - DATAPREVRJ
[mailto:Jose.Euclides@rj.previdenciasocial.gov.br]
Sent: Tuesday, 5 August 2003 06:01
To: 'tomcat-user@jakarta.apache.org'
Subject: Where can i set Groups and user roles?


Hi guys,
my application should ask for user's authentication and then, associate him
to some skills. My question is easy: what is the easiest way to make it
possible on TomCat's environment?  Is there any xml tag?
Thanks in advance, Euclides.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org