You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ryan <ni...@gmail.com> on 2007/03/21 14:39:20 UTC

requiring multiple roles for access

Hi All,

I would like to require a user to belong to two roles to access a certain
application (i.e. user must belong to role1 AND role2 to access). I've tried
the following in my web.xml....
      <auth-constraint>
           <role-name>role1</role-name>
           <role-name>role2</role-name>
      </auth-constraint>

Unfortunately, this doesn't seem to work (it seems to allow role1 OR role2).
Is what I'm trying to do possible??

Thanks,
Ryan