Re: [appengine-java] Re: Custom security for servlets

Simon Knott Thu, 14 Apr 2011 03:50:10 -0700

Hi,

You could persist the users/roles in the datastore and then apply a 
RequestFilter to specific URL mappings, passing in the valid roles for each 
filter through an init-param of the specific filter definitions.


e.g.


  <filter>
      <filter-name>allRoles</filter-name>
      <filter-class>com.company.RoleFilter</filter-class>
      <init-param>
          <param-name>roles</param-name>
          <param-value>role1,role2,role3</param-value>
      </init-param>
  </filter>

  <filter>
      <filter-name>role1Only</filter-name>
      <filter-class>com.company.RoleFilter</filter-class>
      <init-param>
          <param-name>roles</param-name>
          <param-value>role1</param-value>
      </init-param>
  </filter>

  <filter-mapping>
      <filter-name>allRoles</filter-name>
      <url-pattern>/everyone/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
      <filter-name>role1Only</filter-name>
      <url-pattern>/someOtherUrl/*</url-pattern>
  </filter-mapping>

Cheers,
Simon

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.

Re: [appengine-java] Re: Custom security for servlets

Reply via email to