You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Henry Story <hj...@bblfish.net> on 2003/05/08 21:01:33 UTC
permissions compared with apache
Is it possible to have access rules similar to the mod_dav
rules defined in our httpd.conf file, of which I have pasted an extract
below.
It would be nice to be able to say things like:
- "only allow group ce to access directories that have a "/ce/" path in
the them."
- "only allow admins to add files to all
subdirectories that satisfy the following pattern
/production/*/*/*common/"
I was initially thinking a web-resource-collection in web.xml might do the
trick, but the servlet specification 2.3 and 2.4 do not allow such
flexible use of regular expressions.
Any better ideas?
<DirectoryMatch "/CVS/|/cvs/">
Order deny,allow
Deny from all
</DirectoryMatch>
<LocationMatch "FR">
Require group admins
<LimitExcept PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require group fr
</LimitExcept>
</LocationMatch>
<LocationMatch "ce">
Require group admins ce
</LocationMatch>
<LocationMatch "dap">
Require group admins dap
</LocationMatch>
<LocationMatch "/production/.*/.*/.*/common">
Require group admins
<LimitExcept DELETE>
Require group ce dap
</LimitExcept>
</LocationMatch>
<LocationMatch "/production/images/*">
Require group admins
<LimitExcept DELETE>
Require valid-user
</LimitExcept>
</LocationMatch>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: permissions compared with apache
Posted by Martin Holz <ho...@fiz-chemie.de>.
Henry Story <hj...@bblfish.net> writes:
> Is it possible to have access rules similar to the mod_dav
> rules defined in our httpd.conf file, of which I have pasted an extract
> below.
How about putting a apache/mod_proxy in front of your
servlet engine?
Btw. has someone experience doing this? There
where some issues with mod_proxy and HTTP 1.1.
You could also use slide ACLs to limit access to resources.
A content interceptor could create the ACLs
automatically at creation time, if the url
satisfies some regular expression.
--
Martin Holz <ho...@fiz-chemie.de>
Softwareentwicklung / Vernetztes Studium - Chemie
FIZ CHEMIE Berlin
Franklinstrasse 11
D-10587 Berlin
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org