Hello Tomcat 5.5.26 Java 1.5.0_15-b04
This question is about role based security and the dynamic assignment/removal of roles. I have a requirement to allow an user to add or remove certain roles 'on the fly' Allowing a user to add a role is simple enough. Once they have 'clicked the button' to add a role (and thereby add a certain set of role defined features) I simply force them to log back in again. Similarly, when a user removes a role I again force them to log in and they then no longer have those role based features associated. The problem comes when a superuser wants to remove a role from a user and that user may be logged in. What I need to be able to do is to view all the currently active sessions and log the relevant user out (by invalidating the session for example) so that when they next try to access a protected resource they have to log in again ... I can't give any more details I'm afraid. I think I may be able to do this by allowing a superuser account to access this information using JMX (mbeans) and do appropriate stuff. This is a sanity check with the experts on this list as I have never used JMX before and I would like to know if I am pointing in the right direction. Is this something I could do via JMX or is there something else I should be looking at. I do not want to expose the tomcat management console to superusers as they will be (business) domain experts, not Tomcat users or developers/sysadmins Thank You Lyallex --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
