On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Johnny Kewl wrote:
>>
>> ----- Original Message ----- From: "Lyallex" <[EMAIL PROTECTED]>
>>>
>>> Allowing a user to add a role is simple enough.
>>
>> Is it?
>
> Yes.

snip ...

> If you change web.xml, yes TC will restart. However, you probably know the
> roles you want and the resources you want to protect, just not which users
> have which roles.

Exactly, in my application there is a business requirement to allow certain users to add certain roles on the fly. I know what these roles are and the resources they protect, all this is predefined. When a user adds a role I log them out (they are warned about this and are ready for it); when they log in again they have the additional role. All this is relatively trivial to implement, as is the elected removal of a role, which works in exactly the same way.

The problem comes when I want to remove certain privileges from a user who may already be logged in. I can remove the role in the persistence store easily enough, but I need a way to get a handle on the session and invalidate it so that the next time the user tries to access a protected resource they have to log in again.

> Look at how the manager webapp accesses the list of sessions. You should be
> able to use similar code. Note you'll need to make your webapp privileged.
> You might want a separate admin webapp.

Yes, I've sort of come to that conclusion myself. I might try the JMX route as it's something I've never done before and it's fun to learn new stuff. If the client (who pays me after all) starts grizzling I can look at the HttpSessionListener thing recommended by Chris earlier.

Thanks to all for taking the time to reply. This list truly is 'the dogs'

--Lyallex

>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: [email protected]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
