you bet....if you want me to send you any sample code or my table structure, 
FWIW, I'll be glad to.


-----Original Message-----
From: Ryan [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 22, 2007 5:33 PM
To: Tomcat Users List
Subject: Re: requiring multiple roles for access


Yeah, this project is moving pretty fast, so I'm going with some quick
solutions that may or may not be elegant :-) If I get a chance to revisit
this, I'm going to try your solution. Thanks again for all your help. - Ryan


On 3/22/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
>
> oh, ok. I'd say your solution's pretty plausible.
>
> I've just now had to retool my users table a bit adding a timestamp for
> auth purposes, too.
>
> I've just got the one extra table that allows people to be in multiple
> categories, yet confined to the one role in the users_role table.
>
>
>
> -----Original Message-----
> From: Ryan [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 22, 2007 2:39 PM
> To: Tomcat Users List
> Subject: Re: requiring multiple roles for access
>
>
> Barry,
>
> This is a good implementation, and yes, it does make sense. I did go with a
> different implementation, though; essentially I created a new table that
> stores the user's previous roles and timestamps them when the user is
> disabled. When they are re-enabled, I just put the role data back into the
> roles table so there's no change in their previous access. This way, the JSP
> developers don't have to think about it, it just happens in the background.
> It's probably not the best implementation, but it'll do ;-).
>
> By the way, I've given up on the role combo login, I was just hoping when I
> wrote that one.
>
> Thanks,
> Ryan
>
>
> On 3/22/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
> >
> > Hey Ryan,
> >
> > I didn't end up catching it, only because the people getting the email
> > that would log in to the "voting section," it doesn't come into play for
> > them.
> >
> > In other words, if they get the email, they're already in the DB as a user
> > and have the necessary role.
> >
> >
> > If I was going to catch it, I'd need to catch it in this JSP, the way I
> > wrote it. The architecture I used on this one file was not ideal, as I have
> > three select query statements residing within it.
> >
> > What I could stand to do, and would do, is catch it in the JSP, but
> > probably by the declared string variable I have, called jrole.
> >
> > jrole in this case is the one of admin, service, legal, risk, etc.
> >
> > So if they're not one of four roles, I need to throw in a catch block for
> > the SQL Exception there, otherwise I'd get an exhausted results set error,
> > or invalid cursor state, if it can't find the matching role.
> >
> > Does this make sense? Or help you any? Sorry if it wasn't of more help.
> >
> > Let me know. And let me know moreso the way your site/app is structured;
> > for example, who needs to go to a protected area, what roles, etc.
> >
> > I don't think you can make it have a dual/double login layer. Wouldn't
> > make too much sense anyway as they'd have to use the same combo and that
> > would defeat the session purpose anyway.
> >
> > -----Original Message-----
> > From: Ryan [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 22, 2007 9:35 AM
> > To: Tomcat Users List
> > Subject: Re: requiring multiple roles for access
> >
> >
> > Barry,
> >
> > Regarding your method below, do you catch this method in JSP or somewhere
> > else?
> >
> > Thanks,
> > Ryan
> >
> >
> > On 3/21/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
> > >
> > > I don't know about disabling users, as I haven't tried something like
> > > that, and there may be ways of tiering the access in regards to roles,
> > > which I technically haven't tried either.
> > >
> > > But what I have is a group of people who absolutely have to access one
> > > portion, and then some "admins" who have to access another. But for
> > > reasons you can probably imagine, I certainly don't want it wide open to
> > > anyone with an account. So I've got it gated as such in this manner.
> > > Does this make sense? Another thing I did was run separate select queries
> > > from the users and "approvers" table, one I created and linked together
> > > by a unique ID. If someone contained one role, they could access this
> > > section. If not, in another case, an exception is thrown, which I didn't
> > > catch properly right away, but it doesn't let that user into the section.
> > >
> > > Let me know if you need more insight into it.
> > >
> > > Good luck with it Ryan!
> > >
> > > -----Original Message-----
> > > From: Ryan [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, March 21, 2007 2:22 PM
> > > To: Tomcat Users List
> > > Subject: Re: requiring multiple roles for access
> > >
> > >
> > > Barry,
> > >
> > > I'm looking for a way to disable the user by taking them out of one role,
> > > but leaving them in the roles they were in before they were disabled (for
> > > informational purposes). I didn't think it would be possible, but I wanted
> > > to throw it out there in case I missed something. What you are suggesting
> > > may also be suitable.
> > >
> > > Thanks,
> > > Ryan
> > >
> > >
> > > On 3/21/07, Propes, Barry L [GCG-NAOT] <[EMAIL PROTECTED]> wrote:
> > > >
> > > > I know you can assign different roles to an app, and to a user, and make
> > > > that user need one role to get to one part and an additional role to
> > > > access a separate part of the app, but the entire app? Not sure about that.
> > > >
> > > > I've got people in my users table that have to have multiple roles for
> > > > several tasks within my app. If they only have one role, they're able to
> > > > do a certain part of the app, but not all of it. Is this what you're
> > > > trying to accomplish?
> > > >
> > > > -----Original Message-----
> > > > From: Ryan [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, March 21, 2007 8:39 AM
> > > > To: users@tomcat.apache.org
> > > > Subject: requiring multiple roles for access
> > > >
> > > >
> > > > Hi All,
> > > >
> > > > I would like to require a user to belong to two roles to access a
> > > > certain application (i.e. user must belong to role1 AND role2 to access).
> > > > I've tried the following in my web.xml....
> > > >       <auth-constraint>
> > > >            <role-name>role1</role-name>
> > > >            <role-name>role2</role-name>
> > > >       </auth-constraint>
> > > >
> > > > Unfortunately, this doesn't seem to work (it seems to allow role1 OR
> > > > role2). Is what I'm trying to do possible??
> > > >
> > > > Thanks,
> > > > Ryan
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To start a new topic, e-mail: users@tomcat.apache.org
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> >
>
>
>
