If you want a black list - it would probably be easier to write a filter
[programmatic security] instead of declarative security. [At a minimum,
everyone would still need to be authenticated - it's the authorization
which is done via the filter (actually the filter will defer to the
realm so there isn't much extra work)]
Ex:
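    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // The container has already authenticated the user; isUserInRole defers to the realm.
        if (((HttpServletRequest) req).isUserInRole("blacklist")) {
            ((HttpServletResponse) resp).sendError(HttpServletResponse.SC_FORBIDDEN); // 403
            return;
        }
        chain.doFilter(req, resp); // not blacklisted: continue down the chain
    }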
-Tim
Clement Chong wrote:
Hi Tim,
Basically the first realm contains a list of users we want to deny access. The
password would be dynamic, making it difficult to get through. Well, maybe I
should really consider working with specific roles. That is, grant users
with roles that would allow them access. Then I would probably just need a
single realm for authentication.
However, this would mean almost all users require such a role granted except
for some whom we would like to deny access. Then every new user would also probably
need to be granted the role. A little extra work there, besides working with IT to
get the new role set up. A black list would work better than a white list in
this case.
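How the two pieces described in the reply above fit together in web.xml, as an added example that is not part of the original thread: the container's declarative constraint forces authentication against a single realm, and the filter then makes the deny decision. The filter class name com.example.BlacklistFilter, the BASIC auth method, the realm name, and the use of the `**` role name (Servlet 3.1 and later) are assumptions.

```xml
<!-- Added example (assumed names). Elements go inside <web-app>. -->

<!-- Programmatic authorization: the filter rejects users in the "blacklist" role. -->
<filter>
  <filter-name>blacklistFilter</filter-name>
  <filter-class>com.example.BlacklistFilter</filter-class> <!-- hypothetical class -->
</filter>
<filter-mapping>
  <filter-name>blacklistFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Declarative authentication: every request must come from a logged-in user.
     "**" (Servlet 3.1+) means any authenticated user regardless of role, so no
     per-user "allowed" role has to be granted. Older containers only support "*",
     which means "any role declared in this web.xml". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>**</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>          <!-- assumed; FORM etc. work the same way -->
  <realm-name>Application Realm</realm-name> <!-- assumed display name -->
</login-config>

<!-- Declared so the role the filter checks with isUserInRole is known to the app. -->
<security-role>
  <role-name>blacklist</role-name>
</security-role>
```

Because the container authenticates before the filter chain runs, the filter only sees requests that already carry a user principal; only the denied users need the `blacklist` role assigned in the realm.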