On Sun, Jun 22, 2008 at 1:46 PM, Johnny Kewl <[EMAIL PROTECTED]> wrote: > > ----- Original Message ----- From: "Lyallex" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Sunday, June 22, 2008 1:14 PM > Subject: Re: Changing roles on the fly > > >> On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: >>> >>> Johnny Kewl wrote: >>>> >>>> ----- Original Message ----- From: "Lyallex" <[EMAIL PROTECTED]> >>>>> >>>>> Allowing a user to add a role is simple enough. >>>> >>>> Is it? >>> >>> Yes. >> >> snip ... >> >>> If you change web.xml, yes TC will restart. However, you probably know >>> the >>> roles you want and the resources you want to protect, just not which >>> users >>> have which roles. >> >> Exactly, in my application there is a business requirement to allow >> certain user to add certain roles on the fly.
... snip ... > The part that is worrying me, is not the sessions.... tracking the sessions > in HttpSessionListener and jamming them into a Hashmap as chris said, I > think is the right way... thats not what is worrying me, its what you call > the "trivia", ie you "just" going to change the "persistance store"... which > I assume means > tomcat-users.xml Nope, it means the database. Does anyone really use tomcat-users.xml for a production system ... I can't believe it. My business logic code is "persistence mechanism agnostic" as all good and true Java OO code should be IMHO. That's why I used the term 'persistance store' apologies if this caused confusion. Anyway, the 'trivia' works perfectly (it is trivial after all). I've already done all that, it was just controlling the logged in users I was getting my head around. -- Lyallex --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
