> From: Ryan [mailto:[EMAIL PROTECTED] > Subject: requiring multiple roles for access > > I would like to require a user to belong to two roles to > access a certain application (i.e. user must belong to role1 > AND role2 to access). I've tried the following in my web.xml.... > <auth-constraint> > <role-name>role1</role-name> > <role-name>role2</role-name> > </auth-constraint> > > Unfortunately, this doesn't seem to work (it seems to allow > role1 OR role2).
As expected; to quote from the servlet spec: "A user must be a member of at least one of the named roles to be permitted to perform the constrained requests." > Is what I'm trying to do possible?? The easiest way might be just to define a separate role for this purpose rather than trying to piggy-back off combinations. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]