----- Original Message -----
From: "Lyallex" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Sunday, June 22, 2008 1:14 PM
Subject: Re: Changing roles on the fly


On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
Johnny Kewl wrote:

----- Original Message ----- From: "Lyallex" <[EMAIL PROTECTED]>

Allowing a user to add a role is simple enough.

Is it?

Yes.

snip ...

If you change web.xml, yes TC will restart. However, you probably know the roles you want and the resources you want to protect, just not which users
have which roles.

Exactly, in my application there is a business requirement to allow
certain users to add certain roles on the fly.
I know what these roles are and the resources they protect, all this
is predefined. When a user adds a role I log them out (They are warned
about this and are ready for it) when they log in again they have the
additional role, all this is relatively trivial to implement as is the
elected removal of a role which works in exactly the same way.

The problem comes when I want to remove certain privileges from a user
who may already be logged in. I can remove the role in the persistence
store easily enough but I need a way to get a handle on the session
and invalidate it so that the next time the user tries to access a
protected resource they have to log in again.

Lyallex,
The part that is worrying me is not the sessions.... tracking the sessions in HttpSessionListener and jamming them into a HashMap as Chris said, I think is the right way... that's not what is worrying me, it's what you call the "trivia", i.e. you're "just" going to change the "persistence store"... which I assume means
tomcat-users.xml
and modifying
<user username="theUser" password="thePass" roles="aNewRoleThatLyallexAddedOrRemoved,role1"/>

and I'm saying forget about the other stuff, because when the user comes back in and re-logs on... TC is *not* going to see your change. I'm saying that I think TC only loads the "persistence store" when it RESTARTS... so you have to "warn everybody".

The "trivia" is not going to work... forget about the other cool stuff ;)...
Be careful of the "trivia".... I think it's going to catch you ;)
TC's security can't do what you want... it's even a bigger job than what you're imagining... I think.

Good luck ;)

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
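
The session-tracking approach discussed in this thread (an HttpSessionListener that keeps sessions in a map so they can be invalidated when a role is removed), sketched as an added example that is not code from any poster. It assumes the application stores the user name in a session attribute after login (the name `authUser` and the class name are hypothetical), that the realm reads roles from the store at login time, and the `javax.servlet` API (newer Tomcat releases use `jakarta.servlet`).

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;

/** Added example: indexes live sessions by user so a role change can force re-login. */
public class UserSessionRegistry implements HttpSessionListener, HttpSessionAttributeListener {

    /** Hypothetical attribute name; the application sets it to the user name after login. */
    public static final String USER_ATTR = "authUser";

    private static final ConcurrentHashMap<String, Set<HttpSession>> BY_USER =
            new ConcurrentHashMap<>();

    private static void index(Object user, HttpSession s) {
        if (user instanceof String)
            BY_USER.computeIfAbsent((String) user, k -> ConcurrentHashMap.newKeySet()).add(s);
    }

    private static void forget(Object user, HttpSession s) {
        Set<HttpSession> set = (user instanceof String) ? BY_USER.get(user) : null;
        if (set != null) set.remove(s);
    }

    @Override public void attributeAdded(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName())) index(e.getValue(), e.getSession());
    }
    @Override public void attributeRemoved(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName())) forget(e.getValue(), e.getSession());
    }
    @Override public void attributeReplaced(HttpSessionBindingEvent e) {
        if (!USER_ATTR.equals(e.getName())) return;
        forget(e.getValue(), e.getSession());            // getValue() is the old value here
        index(e.getSession().getAttribute(USER_ATTR), e.getSession());
    }
    @Override public void sessionCreated(HttpSessionEvent e) { /* user not known yet */ }
    @Override public void sessionDestroyed(HttpSessionEvent e) {
        // Timeout or logout: drop the reference so the map does not leak sessions.
        for (Set<HttpSession> set : BY_USER.values()) set.remove(e.getSession());
    }

    /** Call right after removing a role from the store; returns sessions invalidated. */
    public static int invalidateUser(String username) {
        Set<HttpSession> sessions = BY_USER.remove(username);
        if (sessions == null) return 0;
        int n = 0;
        for (HttpSession s : sessions) {
            try { s.invalidate(); n++; }
            catch (IllegalStateException alreadyInvalid) { /* raced with timeout */ }
        }
        return n;
    }
}
```

The class has to be declared with a `<listener>` element in web.xml so the container delivers session events to it.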

