Server role mapping to web application
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Server role mapping to web application
by Adam Briffett
::
Rate this Message:
Hi,
I have a question around mapping of server groups to a web application. Our web application uses server groups for access control within itself, we're using a simple file realm (AJB) to store our authentication information. We would like to be able to create new groups. Creating the group is simple enough, simply add the group to the end of the group listing for the users in question within the AJB file realm in the admin console. However, in order for the web application to be able to verify membership of that group (for example, a servlet using request.isUserInRole()), am I correct in thinking that a mapping for that group needs to be created in both web.xml and sun-web.xml? Or, is there any way around this - we'd like to be able to create these new groups programatically, and if this is the case then modifying the web.xml and sun-web.xml then redeploying is not really an option. I know in Tomcat you can just add a group to tomcat-users.xml, is there any way of adding wildcards to the web.xml or sun-web.xml to allow it to pick up anything added to the relevant realm automatically? Our web.xml for my sample web app (AuthTest) is below: <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <description>cc</description> <display-name>AuthTest</display-name> <session-config> <session-timeout> 30 </session-timeout> </session-config> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <security-constraint> <display-name>AJBUser</display-name> <web-resource-collection> <web-resource-name>AJBUser</web-resource-name> <description>AJB Pages</description> <url-pattern>/index.html</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>HEAD</http-method> <http-method>PUT</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <description></description> <role-name>AJBUser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>AJB</realm-name> </login-config> <security-role> <description/> <role-name>AJBUser</role-name> </security-role> </web-app> Any help would be much appreciated. Many thanks, Adam --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Server role mapping to web application
by Shing Wai Chan
::
Rate this Message:
The assign-groups property of a realm should help to solve this.
Details can be found in http://blogs.sun.com/swchan/entry/assign_groups Shing Wai Chan Adam Briffett wrote: > Hi, > > I have a question around mapping of server groups to a web application. > > Our web application uses server groups for access control within > itself, we're using a simple file realm (AJB) to store our > authentication information. We would like to be able to create new > groups. > > Creating the group is simple enough, simply add the group to the end > of the group listing for the users in question within the AJB file > realm in the admin console. However, in order for the web application > to be able to verify membership of that group (for example, a servlet > using request.isUserInRole()), am I correct in thinking that a mapping > for that group needs to be created in both web.xml and sun-web.xml? > Or, is there any way around this - we'd like to be able to create > these new groups programatically, and if this is the case then > modifying the web.xml and sun-web.xml then redeploying is not really > an option. > > I know in Tomcat you can just add a group to tomcat-users.xml, is > there any way of adding wildcards to the web.xml or sun-web.xml to > allow it to pick up anything added to the relevant realm > automatically? > > Our web.xml for my sample web app (AuthTest) is below: > > <?xml version="1.0" encoding="UTF-8"?> > <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> > <description>cc</description> > <display-name>AuthTest</display-name> > <session-config> > <session-timeout> > 30 > </session-timeout> > </session-config> > <welcome-file-list> > <welcome-file>index.html</welcome-file> > </welcome-file-list> > <security-constraint> > <display-name>AJBUser</display-name> > <web-resource-collection> > <web-resource-name>AJBUser</web-resource-name> > <description>AJB Pages</description> > <url-pattern>/index.html</url-pattern> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>HEAD</http-method> > <http-method>PUT</http-method> > <http-method>OPTIONS</http-method> > <http-method>TRACE</http-method> > <http-method>DELETE</http-method> > </web-resource-collection> > <auth-constraint> > <description></description> > <role-name>AJBUser</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>AJB</realm-name> > </login-config> > <security-role> > <description/> > <role-name>AJBUser</role-name> > </security-role> > </web-app> > > Any help would be much appreciated. > > Many thanks, > > Adam > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
| Free embeddable forum powered by Nabble | Forum Help |
