Tomcat Web Application Manager - is it possible to limit what each user role can see? -

-

i couldn't find regarding on internet, expert here answer question.

i have set tomcat web application manager on test server, created roles/users in tomcat-users.xml follows:

<role rolename="manager"/> <user username="admin" password="admin" roles="manager"/> <user username="user1" password="password" roles="manager"/>

admin supposed have full rights on webapp manager, while user1 (and perhaps subsequent users) users have been granted permission upload/deploy war files.

right have same roles, see same ui upon logging in, want user1 see deploy/upload option - limited access webapp manager.

is possible achieve this? if yes, how? if no, acceptable compromise?

you didn't hard if couldn't find this. it's under "manager" section of tomcat users' guide:

http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#configuring_manager_application_access

with standard user-acces roles, cannot trying do. fortunately, there's nothing stopping inventing some.

let's want set different roles deploy , undeploy. add them tomcat-users.xml this:

<role rolename="deploy"/> <role rolename="undeploy"/>

now, modify manager webapp's web.xml , add auth-constraints allow these new roles access specific functions:

<security-constraint>   <web-resource-collection>     <web-resource-name>manual deployment</web-resource-name>     <url-pattern>/html/deploy</url-pattern>   </web-resource-collection>   <auth-constraint>      <role-name>manager-gui</role-name>      <role-name>deploy</role-name>   </auth-constraint> </security-constraint>  <security-constraint>   <web-resource-collection>     <web-resource-name>manual deployment</web-resource-name>     <url-pattern>/html/undeploy</url-pattern>   </web-resource-collection>   <auth-constraint>     <role-name>manager-gui</role-name>     <role-name>undeploy</role-name>   </auth-constraint> </security-constraint>

note have modify existing <web-resource-collection> /html/* users appropriate role (for instance, 'deploy' role) can access gui in order functions configured above.


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more