Pid wrote:
David Kerber wrote:
...
There isn't a standard way of doing programmatical security of this
nature - the nature of it is such that you have to write it yourself.
That is essentially what I'm trying to do, using various built-in
tools , such as java.security.acl.*, sun.security.acl.AclImpl,
sun.security.acl.AclEntryImpl, sun.security.acl.PermissionImpl, etc.
I'm just having trouble figuring out how these tools are intended to
be used
I wouldn't start there when securing a web application, but other list
members might. Sounds like the long route to a solution.
The spec defines role based access control; the majority of your
problem can be resolved by configuring a Realm and your app so that
restrictions can be applied on a URL by URL basis.
In addition to the response I just posted, this app only has about 5
different url's (.jsp's), only one of which is restricted to admin
users. The permissions are to specify which site's information they are
able to view on the site information .jsp, and whether or not they can
modify that information, not what .jsp they can get to in the first place.
Dave
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
