configure <auth-constraint> for access control

 
Himai Minh
From Ivan's note p.246-248, in order to configure access control on the server side, the web.xml should define something like this:
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>

The sun-web.xml should define something like this:
<security-role-mapping>
<role-name>user</role-name>
<group-name>wsit</group-name>
</security-role-mapping>

My question is what if there are thousands of users who are granted access control? Should we define thousands of <role-name> for <auth-constraint>, etc.?
And should we define thousands of <security-role-mapping> in sun-web.xml for each <role-name> in web.xml?

 
Frits Walraven
Creator of Enthuware JWS+ V6
You might want to read the security part from the EE6-tutorial, especially Working with Realms, Users, Groups, and Roles

Regards,
Frits
 
Himai Minh
After reading the tutorial, it says to define roles in the sun-web.xml, not individual users.
That makes more sense now. "Role" means the role of the individual users. Examples of roles: students, admin, teacher, etc. Each student is in the "students" role.
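The role and group indirection discussed in this thread, as an added example that is not part of any poster's message: a small Python check that reads a web.xml and a sun-web.xml, confirms every role named in `<auth-constraint>` is declared and mapped to a group, and decides access from a user's group membership. The two descriptors are constructed samples based on the fragments above (the `<security-constraint>` wrapper and URL pattern are assumptions), the function names are hypothetical, and only `<group-name>` mappings are modelled.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors modelled on the fragments quoted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name><url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>user</role-name><group-name>wsit</group-name>
  </security-role-mapping>
</sun-web-app>"""

def local(elem):
    return elem.tag.split("}")[-1]  # drop any XML namespace prefix

def child_texts(xml_text, parent, child):
    """Text of each <child> directly inside any <parent> element."""
    return {c.text.strip() for p in ET.fromstring(xml_text).iter()
            if local(p) == parent for c in p if local(c) == child and c.text}

def role_groups(sun_web_xml):
    """role -> set of realm groups (only <group-name> mappings are modelled)."""
    mapping = {}
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        role = m.findtext("role-name", "").strip()
        groups = {g.text.strip() for g in m.findall("group-name") if g.text}
        mapping.setdefault(role, set()).update(groups)
    return mapping

def audit(web_xml, sun_web_xml):
    """Report roles that are required but undeclared or unmapped."""
    required = child_texts(web_xml, "auth-constraint", "role-name")
    declared = child_texts(web_xml, "security-role", "role-name")
    mapped = {r for r, g in role_groups(sun_web_xml).items() if g}
    return ([f"role '{r}' is not declared in <security-role>" for r in sorted(required - declared)]
            + [f"role '{r}' is not mapped to any group in sun-web.xml" for r in sorted(required - mapped)])

def is_allowed(user_groups, web_xml, sun_web_xml):
    """True if any of the user's groups maps to a role the constraint requires."""
    mapping = role_groups(sun_web_xml)
    required = child_texts(web_xml, "auth-constraint", "role-name")
    return any(mapping.get(r, set()) & set(user_groups) for r in required)
```

Any number of users placed in the `wsit` group by the realm pass `is_allowed` without a single per-user entry in either descriptor.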
 