Hello,
More of a servlet spec question than a tomcat one, and, from what I
read, a rather long shot, but is there a way to define auth-constraint
dynamically in web.xml?
For instance I'd like to have the following
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/something/(.*)/someotherthing</url-pattern>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>\1_something</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>*_something</role-name>
</security-role>
with \1 being the (.*) in url-pattern ?
I know I can do it programmatically with something like
request.isUserInRole(). But I would like to define all the webapp
security in another place than in code (if only not to forget anything
:) ).
I don't know if it relevant but I'm using tomcat 6.0.36 at the moment
on Windows 2003 with jdk 1.6_0.37.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
