Thanks for the response, but I don't think either of these is what I
need. My application involves users who need access to the inventory
data for stores throughout the country, and those locations and users
are all stored in a back-end database. All this is managed by Java
classes; Tomcat and about 5 JSPs are just the front end for 260 or so
Java classes that do the grunt work. I need to be able to ensure that
some users only have access to their own stores, while other users
(regional managers, etc.) can access all the stores under their
jurisdiction, and system administrators can manage system settings,
etc. I have those permissions set up in the database, but can't quite
work out how to apply them to ACLs and ACLEntries. That's why I'm
looking for a tutorial and/or sample code.

The people who initially wrote this app tried, but didn't seem to get
the permissions handling set up quite right, because any user who
authenticates successfully has unlimited access to their stores, but
some of them should only have read access, and I need to get it
straightened out.

Thanks,
Dave

Martin Gainty wrote:
Good Morning Dave...
I would start by referencing this link
http://tomcat.apache.org/tomcat-6.0-doc/cgi-howto.html
either
set up security in %JAVA_HOME%/lib/security/java.policy and start Java
with security manager enabled, e.g.
java -Djava.security.manager -Djava.security.policy=java.policy -jar %CATALINA_HOME%\bin\bootstrap.jar
OR
read everything you can on configuring
%CATALINA_HOME%/conf/catalina.policy
and configure the necessary options in catalina.policy *this link
should get you started*
http://tomcat.apache.org/tomcat-4.1-doc/security-manager-howto.html
HTH,
Martin

----- Original Message -----
From: "David Kerber" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, May 08, 2007 10:25 AM
Subject: ACL (access control list) tutorial or example
I posted this on comp.lang.java.security yesterday, but haven't
gotten a single answer, so I'm hoping you people can help:
I'm trying to implement ACLs in my Tomcat-based webapp, and am
having trouble applying what I read in the docs and in my googling to
my real-life application. Could somebody please point me to a good
tutorial or some example code that shows how to set and check the
permissions (read only vs read/write, administration vs general user,
etc) that a given user will have to access a given object?
I've got the authentication part going with no trouble, but am having
trouble with the access control side of things.
TIA!
Dave
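
An added example, not from the thread or from Tomcat: a deny-by-default check for the store, region and system scopes described in the first message, written in plain Java rather than with java.security.acl. All class, method and scope names are hypothetical, and the grants in main() are constructed sample data standing in for the permissions table already in the database.

```java
import java.util.*;

// Added example, Java 16+. All names are hypothetical; grants in main() are constructed.
public class StoreAcl {
    enum Permission { READ, WRITE, ADMIN }

    // One grant row: scope is "store:<id>", "region:<id>" or "system".
    record Grant(String scope, Set<Permission> perms) {}

    private final Map<String, List<Grant>> grantsByUser = new HashMap<>();
    private final Map<String, String> regionOfStore = new HashMap<>(); // store id -> region id

    void addStore(String storeId, String regionId) { regionOfStore.put(storeId, regionId); }

    void grant(String user, String scope, Permission... perms) {
        Set<Permission> set = EnumSet.noneOf(Permission.class);
        set.addAll(Arrays.asList(perms));
        grantsByUser.computeIfAbsent(user, u -> new ArrayList<>()).add(new Grant(scope, set));
    }

    // Deny by default: true only if a grant covers this store and holds the permission.
    boolean canAccessStore(String user, String storeId, Permission needed) {
        String region = regionOfStore.get(storeId);
        if (region == null) return false; // unknown store
        for (Grant g : grantsByUser.getOrDefault(user, List.of())) {
            boolean covers = g.scope().equals("store:" + storeId)
                          || g.scope().equals("region:" + region);
            if (covers && g.perms().contains(needed)) return true;
        }
        return false;
    }

    // System settings need an explicit ADMIN grant on the "system" scope.
    boolean canAdminister(String user) {
        return grantsByUser.getOrDefault(user, List.of()).stream()
            .anyMatch(g -> g.scope().equals("system") && g.perms().contains(Permission.ADMIN));
    }

    public static void main(String[] args) {
        StoreAcl acl = new StoreAcl();
        acl.addStore("101", "east"); acl.addStore("201", "west");
        acl.grant("clerk", "store:101", Permission.READ); // read-only, one store
        acl.grant("manager", "region:east", Permission.READ, Permission.WRITE);
        acl.grant("sysadmin", "system", Permission.ADMIN);
        System.out.println("clerk write 101:   " + acl.canAccessStore("clerk", "101", Permission.WRITE));
        System.out.println("manager write 101: " + acl.canAccessStore("manager", "101", Permission.WRITE));
        System.out.println("manager read 201:  " + acl.canAccessStore("manager", "201", Permission.READ));
        System.out.println("clerk admin:       " + acl.canAdminister("clerk"));
    }
}
```

The check belongs in the Java classes that read or change store data and runs on every request, so that a successful login on its own grants nothing.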