I'm a bit at a loss as to how I'm supposed to configure the role-based
security in my webapp's web.xml file.
Consider the following scenario for my webapp:
area                    roles
/pages/customers/*      sales,admin
/pages/orders/*         sales,clerks,admin
/pages/products/*       clerks,admin
It's easy to configure multiple web-resource-collections for this, e.g.
    <web-resource-collection>
        <web-resource-name>customers</web-resource-name>
        <url-pattern>/pages/customers/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
        <web-resource-name>orders</web-resource-name>
        <url-pattern>/pages/orders/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
        <web-resource-name>products</web-resource-name>
        <url-pattern>/pages/products/*</url-pattern>
    </web-resource-collection>
The following:
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
seems to allow anyone with the role of admin to access all of the specified
web-resource-collections (which is fine in this example).
But how do I configure the other roles (sales & clerks) to only have access
to a specified web-resource-collection?
Any help would be greatly appreciated!
TIA,
Mike
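
Added example, not part of the original post: an auth-constraint applies to every web-resource-collection inside its own security-constraint, so the role matrix above can be expressed as one security-constraint per area. The fragment goes inside web-app; the security-role declarations are an assumption about the rest of the descriptor, and login-config is omitted.

```xml
<!-- Added example: one security-constraint per area.
     No http-method is listed, so each constraint covers every HTTP method. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>customers</web-resource-name>
    <url-pattern>/pages/customers/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>sales</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>orders</web-resource-name>
    <url-pattern>/pages/orders/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>sales</role-name>
    <role-name>clerks</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>products</web-resource-name>
    <url-pattern>/pages/products/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>clerks</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- Assumed: each role named above is declared once in the descriptor. -->
<security-role><role-name>sales</role-name></security-role>
<security-role><role-name>clerks</role-name></security-role>
<security-role><role-name>admin</role-name></security-role>
```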