Hi all!
In my application I need to define roles dynamically. I need to create and
delete roles and associate them to a permissions table.
I want the user authenticate with a form.
The problem is that in web.xml I have to define statically the role names.
This is the involved piece of my web.xml
<security-constraint >
<web-resource-collection>
<web-resource-name>Main</web-resource-name>
<url-pattern>/do/main</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>C</role-name>
<role-name>E</role-name>
<role-name>EQ</role-name>
<role-name>F</role-name>
<role-name>L</role-name>
<role-name>M</role-name>
<role-name>P</role-name>
<role-name>PS</role-name>
<role-name>TO</role-name>
<role-name>TS</role-name>
<role-name>V</role-name>
<role-name>0</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>JDBCRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-err.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>C</role-name>
<role-name>E</role-name>
<role-name>EQ</role-name>
<role-name>F</role-name>
<role-name>L</role-name>
<role-name>M</role-name>
<role-name>P</role-name>
<role-name>PS</role-name>
<role-name>TO</role-name>
<role-name>TS</role-name>
<role-name>V</role-name>
<role-name>0</role-name>
</security-role>
If I create a new role called NEWROLE how can I make it authorized?
Is there a way to change dynamically this piece of web.xml? For example some
api that add a new entry <role-name>NEWROLE </role-name>
Analogously if I delete a role I want it no more authorized.
Has this problem a solution?
Thanks for attention
Alessandro
