Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Clement Chong
Hi Tim, Good suggestion! I'll look into it. I am in a situation where I'll prefer to work on my own than to bother IT with LDAP role setup and subsequent access granting to users. By having a JDBC Realm with a blacklist of users, I can easily control the access. I'll probably dig into the filter

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Christopher Schultz
Tim, On 6/24/2009 2:59 PM, Tim Funk wrote: > If you want a black list - it would probably be easier to write a filter > [programmatic security] instead of declarative security. You can even combine declarative + programmatic and read your configurati

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Tim Funk
If you want a black list - it would probably be easier to write a filter [programmatic security] instead of declarative security. [At a minimum, everyone would still need to be authenticated - it's the authorization which is done via the filter (actually the filter will defer to the realm so the

RE: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Martin Gainty
Jun 2009 23:12:35 +0800 > Subject: Re: Help: auth-constraint with Tomcat 6 > From: ehch...@gmail.com > To: users@tomcat.apache.org > > Hi Tim, > > Basically the first realm contains list of users we want to deny access. The > password would be dynamic, making it difficult

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Clement Chong
Hi Tim, Basically the first realm contains list of users we want to deny access. The password would be dynamic, making it difficult to get through. Well, maybe I should really consider working with specific roles. That is, grant users with roles that would allow them access. Then I would probably

Re: Auth-constraint with Tomcat 6

2009-06-24 Thread Mark Thomas
Christopher Schultz wrote: >> Would it also be possible to change the behavior of the >> combinedRealm/LockoutRealm such that if username is found in prior >> realm and password is incorrect, then it skips the other realms? It >> only looks into the other realms if username is not found in prior >>

Re: Auth-constraint with Tomcat 6

2009-06-24 Thread Christopher Schultz
Clement, On 6/24/2009 2:57 AM, Clement Chong wrote: > > > * > > > User is now authenticated via JDBCRealm followed by JNDIRealm and > would be able to access protected pages with any role. > > The question I have is how can I deny a g

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Tim Funk
Do you really want to allow different passwords for the same user id? Sounds dangerous. For different access control restrictions you need to set up various roles, which are names chosen by you. Which can be something like - reader, writer - admin, superuser, user - it, sales, marketing,

Auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been set up in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and

Help: auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been set up in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and

Help: auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been set up in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and