Re: help with realm setup

Thu, 14 Mar 2002 16:21:56 -0800 

Just as a start, you need something more like the following.  You need to 
look at how xml dtd are used.


<web-app>
         <security-constraint>
                 <web-resource-collection>
                         <web-resource-name>Joes Grill</web-resource-name>
                         <url-pattern>/jsp/pigout.jsp</url-pattern>
                 </web-resource-collection>
                 <auth-constraint>
                         <role-name>hungryman</role-name>
                 </auth-constraint>
         </security-constraint>
         <security-constraint>
                 <web-resource-collection>
                         <web-resource-name>Joes Grill</web-resource-name>
                         <url-pattern>/jsp/grill.jsp</url-pattern>
                 </web-resource-collection>
                 <auth-constraint>
                         <role-name>eater</role-name>
                 </auth-constraint>
         </security-constraint>
         <security-constraint>
                 <web-resource-collection>
                         <web-resource-name>Joes Grill</web-resource-name>
                         <url-pattern>/jsp/uploads/upload.jsp</url-pattern>
                 </web-resource-collection>
                 <auth-constraint>
                         <role-name>uploader</role-name>
                 </auth-constraint>
         </security-constraint>
         <login-config>
                 <auth-method>BASIC</auth-method>
                 <realm-name>Joes Grill</realm-name>
         </login-config>
</web-app>

At 05:14 PM 3/14/02 -0500, you wrote:
>I would like to set up my realm to allow folks in by userid not by
>rolename.
>
>I do not know what the tag for the web.xml file should be The following
>is a sample security constraint.
>The role names are working fine, but I need to say if a user is tony or
>user is x then allow them in, but without the use of
>roles.
>
><security-constraint>
>       <display-name>Example Security Constraint</display-name>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>      <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/jsp/security/protected/*</url-pattern>
>      <!-- If you list http methods, only those methods are protected -->
>
>      <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>      <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area
>-->
>         <!-- the following does not work because tony is a userid not a
>rolename -->
>         <!-- what tag should I use to get this to work so userid tony
>can access the application space?  -->
>          <role-name>tony</role-name>
>          <role-name>marketing</role-name>
>          <role-name>role1</role-name>
>       </auth-constraint>
>     </security-constraint>
>
>Thanks,
>Tony
>
>
>
>--
>To unsubscribe:   <mailto:[EMAIL PROTECTED]>
>For additional commands: <mailto:[EMAIL PROTECTED]>
>Troubles with the list: <mailto:[EMAIL PROTECTED]>



--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Reply via email to