Why don't u place resources that need to be accessed by management under
"/restricted/management/" and protect.
Explain to me why an application based role like "manager" that is checked via
isUserInRole("manager") to be mapped against an operational/deployment role- is
a lot of hardcoding? You are free to define as many app roles as you need.
Keep it simple.
Have a look at JACC and our realm that deals with permissions in
| org.jboss.web.tomcat.security.JaccAuthorizationRealm
|
Maybe that may give you some more ideas.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3915316#3915316
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3915316
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
