< assumption > Tomcat 4+</ assumption > It's not all that complicated. First, decide what type of datastore you are going against (JDBC, JNDI, etc.) Next, you need to populate the datastore, giving each type of user a role. This is not abstract, if you use JDBC, the system has a user "role" column in whatever table(s) you define. This means that the page access should be defined in terms of these roles. All of this is defined in the web.xml file, as well as the server.xml file allowing access control by the container. server.xml handles the main definitions, including where to fond the datastore.
If you need to query these fields, you can just write a method to do so directly. Donald Ball wrote: >we're writing a webapp which requires access control for various >operations. we wish to rely on the servlet container to handle >authenticating users, but we need to internally associate usernames with >sets of permissions. to make things easy on the superuser, we would like >to acquire a list of usernames in a given role instead of requiring her >to enter each username manually. i can find no way in the servlet spec >to do this. does anyone have any suggestions? > >- donald > >___________________________________________________________________________ >To unsubscribe, send email to [EMAIL PROTECTED] and include in the body >of the message "signoff SERVLET-INTEREST". > >Archives: http://archives.java.sun.com/archives/servlet-interest.html >Resources: http://java.sun.com/products/servlet/external-resources.html >LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
