2013/5/3 Christopher Schultz <ch...@christopherschultz.net>:
>
> Cédric,
>
> On 5/3/13 3:09 AM, Cédric Couralet wrote:
>> More of a servlet spec question than a tomcat one, and, from what
>> I read, a rather long shot, but is there a way to define
>> auth-constraint dynamically in web.xml?
>>
>> For instance I'd like to have the following
>>
>> <security-constraint>
>>   <display-name></display-name>
>>   <web-resource-collection>
>>     <web-resource-name></web-resource-name>
>>     <url-pattern>/something/(.*)/someotherthing</url-pattern>
>>     <http-method>PUT</http-method>
>>     <http-method>POST</http-method>
>>     <http-method>DELETE</http-method>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>\1_something</role-name>
>>   </auth-constraint>
>> </security-constraint>
>> <security-role>
>>   <role-name>*_something</role-name>
>> </security-role>
>>
>> with \1 being the (.*) in url-pattern ?
>
> Nope. You'll have to resort to using a Filter.
>

Yes, that is what I thought.


>> I know I can do it programmatically with something like
>> request.isUserInRole(). But I would like to define all the webapp
>> security in another place than in code (if only not to forget
>> anything :) ).
>
> If you wanted things to be a bit more explicit in web.xml, you could
> write a Filter that checks for a *specific* user role, and then
> configure it all in web.xml.
>

This is a good idea, I'll try and see where it goes.

Thank you
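
A sketch of the Filter approach suggested in the thread, added here as an example and not code from either poster or from Tomcat: the URL pattern, role template and HTTP methods live in web.xml as init-params, and the filter derives the required role from the captured path segment before calling isUserInRole(). The class name, the init-param names and the "{1}" placeholder are assumptions, and the capture group is narrowed from (.*) to a single path segment so the derived role name cannot contain "/" or other unexpected characters.

```java
// Added example, not from the thread. Class name, init-param names and the "{1}"
// placeholder are hypothetical; assumes the javax.servlet API (Servlet 3.0).
// web.xml wiring for it:
//   <filter><filter-name>pathRole</filter-name>
//     <filter-class>PathRoleFilter</filter-class>
//     <init-param><param-name>pattern</param-name>
//       <param-value>/something/([A-Za-z0-9-]+)/someotherthing</param-value></init-param>
//     <init-param><param-name>roleTemplate</param-name>
//       <param-value>{1}_something</param-value></init-param>
//     <init-param><param-name>methods</param-name>
//       <param-value>PUT,POST,DELETE</param-value></init-param></filter>
//   <filter-mapping><filter-name>pathRole</filter-name>
//     <url-pattern>/something/*</url-pattern></filter-mapping>
import java.io.IOException;
import java.util.*;
import java.util.regex.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class PathRoleFilter implements Filter {
    private Pattern pattern;
    private String roleTemplate;
    private Set<String> methods;

    @Override public void init(FilterConfig cfg) {
        pattern = Pattern.compile(cfg.getInitParameter("pattern"));
        roleTemplate = cfg.getInitParameter("roleTemplate");
        methods = new HashSet<String>(Arrays.asList(cfg.getInitParameter("methods").split(",")));
    }

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Match on the container-decoded path rather than getRequestURI(), so the
        // filter and the target servlet agree on which resource is being requested.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        Matcher m = pattern.matcher(path);
        // Methods not listed in web.xml pass through unchecked, like an <http-method> list.
        if (methods.contains(req.getMethod()) && m.matches()) {
            String role = roleTemplate.replace("{1}", m.group(1));
            if (req.getUserPrincipal() == null || !req.isUserInRole(role)) {
                ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }
    @Override public void destroy() { }
}
```

The filter only authorizes; authentication still has to be triggered by a container security-constraint (or another filter) covering the same URLs, otherwise unauthenticated requests simply receive 403.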
