Micael: Thanks for the data. The question I have though is that I am using the role-name but this only applies to roles that map (basically as groups) against a series of users that authenticate. I need to map directly against the user without having roles.
So I need to be able to do a 1-1 mapping of access to a user without having roles/groups setup. Can this be done when I have no control over the jndi source to control it? Meaning I am trying to use a jndi or whatever source for authentication and say if the person passed in a valid userid and password of X how do I let them in? Thanks, Tony Micael Padraig Og mac Grene wrote: > Just as a start, you need something more like the following. You need to > look at how xml dtd are used. > > <web-app> > <security-constraint> > <web-resource-collection> > <web-resource-name>Joes Grill</web-resource-name> > <url-pattern>/jsp/pigout.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>hungryman</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name>Joes Grill</web-resource-name> > <url-pattern>/jsp/grill.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>eater</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name>Joes Grill</web-resource-name> > <url-pattern>/jsp/uploads/upload.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>uploader</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Joes Grill</realm-name> > </login-config> > </web-app> > > At 05:14 PM 3/14/02 -0500, you wrote: > >I would like to set up my realm to allow folks in by userid not by > >rolename. > > > >I do not know what the tag for the web.xml file should be The following > >is a sample security constraint. > >The role names are working fine, but I need to say if a user is tony or > >user is x then allow them in, but without the use of > >roles. > > > ><security-constraint> > > <display-name>Example Security Constraint</display-name> > > <web-resource-collection> > > <web-resource-name>Protected Area</web-resource-name> > > <!-- Define the context-relative URL(s) to be protected --> > > <url-pattern>/jsp/security/protected/*</url-pattern> > > <!-- If you list http methods, only those methods are protected --> > > > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <!-- Anyone with one of the listed roles may access this area > >--> > > <!-- the following does not work because tony is a userid not a > >rolename --> > > <!-- what tag should I use to get this to work so userid tony > >can access the application space? --> > > <role-name>tony</role-name> > > <role-name>marketing</role-name> > > <role-name>role1</role-name> > > </auth-constraint> > > </security-constraint> > > > >Thanks, > >Tony > > > > > > > >-- > >To unsubscribe: <mailto:[EMAIL PROTECTED]> > >For additional commands: <mailto:[EMAIL PROTECTED]> > >Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> -- Tony Dahbura Director Client Services East Loudcloud Inc. 4501 Singer Court Suite 200 Chantilly, VA 20151 voice: 703.653.6880 fax: 703.961.8268 [EMAIL PROTECTED] -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>