users@glassfish.java.net

Re: Server role mapping to web application

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Fri, 06 Nov 2009 10:43:27 -0800

The assign-groups property of a realm should help to solve this.
Details can be found in http://blogs.sun.com/swchan/entry/assign_groups
Shing Wai Chan

Adam Briffett wrote:
> Hi,
>
> I have a question around mapping of server groups to a web application.
>
> Our web application uses server groups for access control within
> itself; we're using a simple file realm (AJB) to store our
> authentication information. We would like to be able to create new
> groups.
>
> Creating the group is simple enough: simply add the group to the end
> of the group listing for the users in question within the AJB file
> realm in the admin console. However, in order for the web application
> to be able to verify membership of that group (for example, a servlet
> using request.isUserInRole()), am I correct in thinking that a mapping
> for that group needs to be created in both web.xml and sun-web.xml?
> Or, is there any way around this - we'd like to be able to create
> these new groups programmatically, and if this is the case then
> modifying the web.xml and sun-web.xml then redeploying is not really
> an option.
>
> I know in Tomcat you can just add a group to tomcat-users.xml, is
> there any way of adding wildcards to the web.xml or sun-web.xml to
> allow it to pick up anything added to the relevant realm
> automatically?
>
> Our web.xml for my sample web app (AuthTest) is below:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
>     <description>cc</description>
>     <display-name>AuthTest</display-name>
>     <session-config>
>         <session-timeout>
>             30
>         </session-timeout>
>     </session-config>
>     <welcome-file-list>
>         <welcome-file>index.html</welcome-file>
>     </welcome-file-list>
>     <security-constraint>
>         <display-name>AJBUser</display-name>
>         <web-resource-collection>
>             <web-resource-name>AJBUser</web-resource-name>
>             <description>AJB Pages</description>
>             <url-pattern>/index.html</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>             <http-method>HEAD</http-method>
>             <http-method>PUT</http-method>
>             <http-method>OPTIONS</http-method>
>             <http-method>TRACE</http-method>
>             <http-method>DELETE</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <description></description>
>             <role-name>AJBUser</role-name>
>         </auth-constraint>
>     </security-constraint>
>     <login-config>
>         <auth-method>BASIC</auth-method>
>         <realm-name>AJB</realm-name>
>     </login-config>
>     <security-role>
>         <description/>
>         <role-name>AJBUser</role-name>
>     </security-role>
> </web-app>
>
> Any help would be much appreciated.
>
> Many thanks,
>
> Adam
>
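
Added example, not part of the original thread and not the posters' or the GlassFish project's own configuration: a sketch of how the assign-groups realm property named in the reply can be combined with a sun-web.xml role mapping for the AuthTest application. The realm name AJB and the role AJBUser come from the question; the keyfile path is an assumed placeholder.

```xml
<!-- Fragment 1: domain.xml, inside <security-service>.
     File realm "AJB" with the assign-groups property set.
     The keyfile location below is an assumed placeholder. -->
<auth-realm name="AJB"
            classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/ajb-keyfile"/>
    <property name="jaas-context" value="fileRealm"/>
    <!-- Comma-separated groups given to EVERY user this realm authenticates,
         in addition to the groups listed for that user in the keyfile. -->
    <property name="assign-groups" value="AJBUser"/>
</auth-realm>

<!-- Fragment 2: WEB-INF/sun-web.xml of AuthTest.
     Maps the role declared in web.xml to the group assigned by the realm.
     This mapping is written once; users added to the realm later pick up
     the group at login without a redeploy. -->
<sun-web-app>
    <security-role-mapping>
        <role-name>AJBUser</role-name>
        <group-name>AJBUser</group-name>
    </security-role-mapping>
</sun-web-app>
```

With this in place request.isUserInRole("AJBUser") is true for any user the AJB realm authenticates, so the role stops distinguishing between users of that realm and the keyfile becomes the only access boundary for /index.html.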