thanks a lot. In fact,I want just one group's user named Administrators can get access to the administrative page,which can do some privileged operation.The common users can get access to the common user page,they have limited privileged operation. So,should I configure numbers of <security-constraint> elements in my web.xml? But the application allows creating new group,how do I solve this problem?In the former situation,I got a login form and a filter to do this,now,I think I do not need an login form,does the filter still can work for the role-check? Or is there any mechanism just needs configuration,not coding? thanks a lot for your patience!
> Date: Wed, 31 Oct 2007 01:47:27 +0000> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> > zhongliang zhang wrote:> > In the database(Oracle),the > tables I used are usertable and grouptable,the association table of them is > groupmembertable:> > usertable has columns of userid,username and password> > > grouptable has columns of groupid,groupname> > groupmembertable has columns > of groupid,userid> > > How do I configure the JDBCRealm in the server.xml of > Tomcat?> > what should be put in the userRoleTable and roleNameCol in this > situation?> > First off, you'll need to create a view as the JDBCRealm > requires the> user role table to contain names, not IDs. Something like (I > don't> have an Oracle instance to check my syntax)> > CREATE or REPLACE VIEW > vUserRole AS> SELECT username, groupname> FROM usertable u, grouptable g, > groupmembertable m> WHERE u.userid=m.userid and g.groupid=m.groupid> > Then > your realm would be:> <Realm ...> roleNameCol="groupname"> > userCredCol="password"> userNameCol="username"> userRoleTable="vUserRole"> > userTable="usertable"> />> > > and if I want all the user,regardless of its > group,can login to my application,what should I set in the web.xml in the > following element:<role-name>admin</role-name>> > set to *?> > No. The > special role * means all roles defined in your application,> not all > authenticated users. You'll have to create an all users group,> assign it to > every user and then use that in your web.xml> > Mark> > > ---------------------------------------------------------------------> To > start a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: > [EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]> _________________________________________________________________ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
