 
| View previous topic :: View next topic |
| Author |
Message |
Nick Beare
Posted via mailing list.
|
 Posted: Tue Sep 16, 2008 10:01 am Post subject: How do I add users to roles for deployed Web Applic ations? |
 |
|
Somebody out there must be doing this! It is a fairly standard requirement (you ship an application to a client and let them set up their own users). How is this done?
I am using BASIC authentication.
From: Nick Beare [mailto:address-removed]
Sent: 12 September 2008 17:05
To: address-removed
Subject: [nbusers] How do I add users to roles for deployed Web Applications?
Web gurus,
I have deployed an app, to a remote server, I now want to add some real users to a role. How do I do this?
As per the tutorial: http://www.netbeans.org/kb/60/web/security-webapps.html#loginform
I have set up users admin and user via the admin console,
Admin and User Roles plus AdminConstraint and UserConstraint Security Constraints in web.xml,
Principals admin and user in sun-web.xml.
The app runs ok and the users ‘user’ and ‘admin’ can access appropriate parts of the app.
I figured I needed to add a principle entry for each user into ‘sun-web.xml’. I duly added them to the file in domains\domain1\applications\j2ee-modules\myAppName\WEB-IF.
I restarted the domain, but the authorisation for the new users was not recognised.
I then did a search and discover another copy of sun-web.xml in domains\domain1\generated\xml\j2ee-modules\myAppName\WEB-IF, which had an older time.
When does this get regenerated and what is best practice for adding users to roles?
Regards
Nick Beare
Developer
Vixensoft
Tel: 01420 89898
Fax: 01420 541223
Web: [url=blocked::http://www.vixensoft.co.uk/]www.vixensoft.co.uk[/url]
Head Office: Market House, Lenten Street, Alton, Hampshire. GU34 1HG
ViXEN Software Solutions Ltd. Registered in England and Wales. Company Number 4335138.
-----------------------------------------------------------------------------------------------------------------------
Notice: This message contains information which may be confidential and privileged. Unless you are the intended recipient (or are authorised to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail and delete the message. Thank you.
[i]Disclaimer: No notice provided by e-mail shall be binding unless confirmed by hard copy and signed by a duly authorised person.[/i] |
|
| Back to top |
|
 |
Brett M. Bergquist
Posted via mailing list.
|
| Posted: Tue Sep 16, 2008 12:38 pm Post subject: How do I add users to roles for deployed Web Applic ations? |
|
|
I have this requirement in my application using Glassfish as the
application server. I took a different route. I created my own JDBC
realm. I defined my roles and mapped permissions based no those to the
code (EJB meethods, web pages, etc). In "application.xml", I have my
security roles defined:
...
<security-role>
<description>Alarms Administrator</description>
<role-name>Alarms-Administrator</role-name>
</security-role>
<security-role>
<description>Alarms Operator</description>
<role-name>Alarms-Operator</role-name>
</security-role>
<security-role>
<description>Alarms Observer</description>
<role-name>Alarms-Observer</role-name>
</security-role>
<security-role>
<description>Device Administrator</description>
<role-name>Device-Administrator</role-name>
</security-role>
<security-role>
<description>Device Network Performance Administrator</description>
<role-name>Device-NP-Operator</role-name>
</security-role>
...
In "sun-application.xml", I have these roles mapped to group names that
match:
...
<security-role-mapping>
<role-name>Alarms-Administrator</role-name>
<group-name>Alarms-Administrator</group-name>
</security-role-mapping><
security-role-mapping>
<role-name>Alarms-Operator</role-name>
<group-name>Alarms-Operator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Alarms-Observer</role-name>
<group-name>Alarms-Observer</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-Administrator</role-name>
<group-name>Device-Administrator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-NP-Operator</role-name>
<group-name>Device-NP-Operator</group-name>
</security-role-mapping>
...
Then in domain.xml, I have:
<auth-realm
classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
name="csemRealm">
<property name="jaas-context" value="jdbcRealm"/>
<property name="password-column" value="PASSWORD"/>
<property name="datasource-jndi" value="jdbc/csemdb"/>
<property name="group-table" value="CSEM.J2EE_USER_GROUPS"/>
<property name="user-table" value="CSEM.J2EE_USERS"/>
<property name="group-name-column" value="GROUPID"/>
<property name="db-password" value="CSEM"/>
<property name="digest-algorithm" value="none"/>
<property name="db-user" value="CSEM"/>
<property name="user-name-column" value="USERID"/>
</auth-realm>
which defines my custom realm. The database layout looks like:
CREATE TABLE GROUPS
(
GROUPID VARCHAR(64) PRIMARY KEY NOT NULL,
OPLOCK INTEGER NOT NULL DEFAULT 0,
DESCRIPTION VARCHAR(255)
);
CREATE TABLE GROUPS_ROLES
(
GROUPID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT GROUPS_ROLES_PK PRIMARY KEY (GROUPID,ROLEID)
);
CREATE TABLE GROUPS_USERS
(
GROUPID VARCHAR(64) not null,
USERID VARCHAR(64) not null,
CONSTRAINT GROUPS_USERS_PK PRIMARY KEY (GROUPID,USERID)
);
CREATE TABLE ROLES
(
ROLEID VARCHAR(64) PRIMARY KEY not null,
OPLOCK INTEGER NOT NULL DEFAULT 0,
J2EE_GROUP VARCHAR(64) not null,
DESCRIPTION VARCHAR(255) not null
);
CREATE TABLE USERS
(
ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
OPLOCK INTEGER NOT NULL DEFAULT 0,
USERID VARCHAR(64) not null unique,
FULL_NAME VARCHAR(64),
ENABLED SMALLINT not null,
PASSWORD VARCHAR(32) not null,
LAST_LOGIN TIMESTAMP,
CURRENT_LOGIN TIMESTAMP
);
CREATE TABLE USERS_ROLES
(
USERID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT USERS_ROLES_PK PRIMARY KEY (USERID,ROLEID)
);
CREATE VIEW J2EE_USERS (USERID, PASSWORD) AS
SELECT U.USERID, U.PASSWORD
FROM USERS U WHERE U.ENABLED = 1;
CREATE VIEW J2EE_USER_GROUPS (USERID, GROUPID) AS
SELECT DISTINCT U.USERID, R.J2EE_GROUP FROM USERS U JOIN GROUPS_USERS GU
ON GU.USERID = U.USERID
JOIN GROUPS G ON G.GROUPID = GU.GROUPID
JOIN GROUPS_ROLES GR ON GR.GROUPID = G.GROUPID
JOIN ROLES R ON GR.ROLEID = R.ROLEID
UNION ALL SELECT U.USERID, 'CSEM_USER' FROM USERS U;
I then have a groups application where groups can be defined:
Group Summary Application
...
Group Edit Application
and then a users application where users can be mapped to groups or roles:
User Summary Application
...
User Edit Application
With this, my application allows the customer to create new groups that
combine security roles and new uses to assign
to the groups at runtime without editing any deployment descriptors or
having to redeploy.
Without this, the customer was forced to edit the deployment descriptors
in the EAR and redeploy.
Brett
Nick Beare wrote:
| Quote: |
Somebody out there must be doing this! It is a fairly standard
requirement (you ship an application to a client and let them set up
their own users). How is this done?
I am using BASIC authentication.
------------------------------------------------------------------------
*From:* Nick Beare [mailto:address-removed]
*Sent:* 12 September 2008 17:05
*To:* address-removed
*Subject:* [nbusers] How do I add users to roles for deployed Web
Applications?
Web gurus,
I have deployed an app, to a remote server, I now want to add some
real users to a role. How do I do this?
As per the tutorial:
http://www.netbeans.org/kb/60/web/security-webapps.html#loginform
I have set up users admin and user via the admin console,
Admin and User Roles plus AdminConstraint and UserConstraint Security
Constraints in web.xml,
Principals admin and user in sun-web.xml.
The app runs ok and the users |
|
| Back to top |
|
|
Nick Beare
Posted via mailing list.
|
| Posted: Tue Sep 16, 2008 2:18 pm Post subject: How do I add users to roles for deployed Web Applic ations? |
|
|
Brett,
Thanks for taking the time to reply!
I shall mull over your solution.
Regards
Nick
-----Original Message-----
From: Brett M. Bergquist [mailto:address-removed]
Sent: 16 September 2008 13:38
To: address-removed
Subject: Re: [nbusers] How do I add users to roles for deployed Web Applic
ations?
I have this requirement in my application using Glassfish as the
application server. I took a different route. I created my own JDBC
realm. I defined my roles and mapped permissions based no those to the
code (EJB meethods, web pages, etc). In "application.xml", I have my
security roles defined:
...
<security-role>
<description>Alarms Administrator</description>
<role-name>Alarms-Administrator</role-name>
</security-role>
<security-role>
<description>Alarms Operator</description>
<role-name>Alarms-Operator</role-name>
</security-role>
<security-role>
<description>Alarms Observer</description>
<role-name>Alarms-Observer</role-name>
</security-role>
<security-role>
<description>Device Administrator</description>
<role-name>Device-Administrator</role-name>
</security-role>
<security-role>
<description>Device Network Performance Administrator</description>
<role-name>Device-NP-Operator</role-name>
</security-role>
...
In "sun-application.xml", I have these roles mapped to group names that
match:
...
<security-role-mapping>
<role-name>Alarms-Administrator</role-name>
<group-name>Alarms-Administrator</group-name>
</security-role-mapping><
security-role-mapping>
<role-name>Alarms-Operator</role-name>
<group-name>Alarms-Operator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Alarms-Observer</role-name>
<group-name>Alarms-Observer</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-Administrator</role-name>
<group-name>Device-Administrator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-NP-Operator</role-name>
<group-name>Device-NP-Operator</group-name>
</security-role-mapping>
...
Then in domain.xml, I have:
<auth-realm
classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
name="csemRealm">
<property name="jaas-context" value="jdbcRealm"/>
<property name="password-column" value="PASSWORD"/>
<property name="datasource-jndi" value="jdbc/csemdb"/>
<property name="group-table" value="CSEM.J2EE_USER_GROUPS"/>
<property name="user-table" value="CSEM.J2EE_USERS"/>
<property name="group-name-column" value="GROUPID"/>
<property name="db-password" value="CSEM"/>
<property name="digest-algorithm" value="none"/>
<property name="db-user" value="CSEM"/>
<property name="user-name-column" value="USERID"/>
</auth-realm>
which defines my custom realm. The database layout looks like:
CREATE TABLE GROUPS
(
GROUPID VARCHAR(64) PRIMARY KEY NOT NULL,
OPLOCK INTEGER NOT NULL DEFAULT 0,
DESCRIPTION VARCHAR(255)
);
CREATE TABLE GROUPS_ROLES
(
GROUPID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT GROUPS_ROLES_PK PRIMARY KEY (GROUPID,ROLEID)
);
CREATE TABLE GROUPS_USERS
(
GROUPID VARCHAR(64) not null,
USERID VARCHAR(64) not null,
CONSTRAINT GROUPS_USERS_PK PRIMARY KEY (GROUPID,USERID)
);
CREATE TABLE ROLES
(
ROLEID VARCHAR(64) PRIMARY KEY not null,
OPLOCK INTEGER NOT NULL DEFAULT 0,
J2EE_GROUP VARCHAR(64) not null,
DESCRIPTION VARCHAR(255) not null
);
CREATE TABLE USERS
(
ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
OPLOCK INTEGER NOT NULL DEFAULT 0,
USERID VARCHAR(64) not null unique,
FULL_NAME VARCHAR(64),
ENABLED SMALLINT not null,
PASSWORD VARCHAR(32) not null,
LAST_LOGIN TIMESTAMP,
CURRENT_LOGIN TIMESTAMP
);
CREATE TABLE USERS_ROLES
(
USERID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT USERS_ROLES_PK PRIMARY KEY (USERID,ROLEID)
);
CREATE VIEW J2EE_USERS (USERID, PASSWORD) AS
SELECT U.USERID, U.PASSWORD
FROM USERS U WHERE U.ENABLED = 1;
CREATE VIEW J2EE_USER_GROUPS (USERID, GROUPID) AS
SELECT DISTINCT U.USERID, R.J2EE_GROUP FROM USERS U JOIN GROUPS_USERS GU
ON GU.USERID = U.USERID
JOIN GROUPS G ON G.GROUPID = GU.GROUPID
JOIN GROUPS_ROLES GR ON GR.GROUPID = G.GROUPID
JOIN ROLES R ON GR.ROLEID = R.ROLEID
UNION ALL SELECT U.USERID, 'CSEM_USER' FROM USERS U;
I then have a groups application where groups can be defined:
Group Summary Application
...
Group Edit Application
and then a users application where users can be mapped to groups or roles:
User Summary Application
...
User Edit Application
With this, my application allows the customer to create new groups that
combine security roles and new uses to assign
to the groups at runtime without editing any deployment descriptors or
having to redeploy.
Without this, the customer was forced to edit the deployment descriptors
in the EAR and redeploy.
Brett
Nick Beare wrote:
| Quote: |
Somebody out there must be doing this! It is a fairly standard
requirement (you ship an application to a client and let them set up
their own users). How is this done?
I am using BASIC authentication.
------------------------------------------------------------------------
*From:* Nick Beare [mailto:address-removed]
*Sent:* 12 September 2008 17:05
*To:* address-removed
*Subject:* [nbusers] How do I add users to roles for deployed Web
Applications?
Web gurus,
I have deployed an app, to a remote server, I now want to add some
real users to a role. How do I do this?
As per the tutorial:
http://www.netbeans.org/kb/60/web/security-webapps.html#loginform
I have set up users admin and user via the admin console,
Admin and User Roles plus AdminConstraint and UserConstraint Security
Constraints in web.xml,
Principals admin and user in sun-web.xml.
The app runs ok and the users 'user' and 'admin' can access
appropriate parts of the app.
I figured I needed to add a principle entry for each user into
'sun-web.xml'. I duly added them to the file in
domains\domain1\applications\j2ee-modules\myAppName\WEB-IF.
I restarted the domain, but the authorisation for the new users was
not recognised.
I then did a search and discover another copy of sun-web.xml in
domains\domain1\generated\xml\j2ee-modules\myAppName\WEB-IF, which had
an older time.
When does this get regenerated and what is best practice for adding
users to roles?
Regards
Nick Beare
Developer
Vixensoft
**Tel:** 01420 89898
**Fax:** 01420 541223
**Web:** www.vixensoft.co.uk <blocked::http://www.vixensoft.co.uk/>
**Head Office: **Market House, Lenten Street, Alton, Hampshire. GU34 1HG
ViXEN Software Solutions Ltd. Registered in England and Wales. Company
Number 4335138.
|
----------------------------------------------------------------------------
-------------------------------------------
| Quote: |
//Notice: This message contains information which may be confidential
and privileged. Unless you are the intended recipient (or are
authorised to receive this message for the intended recipient), you
may not use, copy, disseminate or disclose to anyone the message or
any information contained in the message. If you have received the
message in error, please advise the sender by reply e-mail and delete
the message. Thank you.///
//Disclaimer: No notice provided by e-mail shall be binding unless
confirmed by hard copy and signed by a duly authorised person.///
|
|
|
| Back to top |
|
|
thompsonwd40
Posted via mailing list.
|
| Posted: Tue Sep 16, 2008 3:19 pm Post subject: How do I add users to roles for deployed Web Applic ations? |
|
|
Brett,
Huge help for me! I have searched and searched for this info. Thank you for taking the time to compose and share this.
Best to you! David
-------------- Original message ----------------------
From: "Brett M. Bergquist" <address-removed>
| Quote: | I have this requirement in my application using Glassfish as the
application server. I took a different route. I created my own JDBC
realm. I defined my roles and mapped permissions based no those to the
code (EJB meethods, web pages, etc). In "application.xml", I have my
security roles defined:
|
<Snip> |
|
| Back to top |
|
|
Brett M. Bergquist
Posted via mailing list.
|
| Posted: Tue Sep 16, 2008 3:51 pm Post subject: How do I add users to roles for deployed Web Applic ations? |
|
|
Just one more point. We also use JasperServer which uses the Acegis
security. JasperServer has its own repository of users and groups and
security management. I wanted to have a central place for defining
users and groups and fortunately JasperServer has the ability to import
security information on the fly. Jaspserver security needs to have the
role names that start with "ROLE_xxx" so that is why I have a separate
"ROLEID" in the table "ROLES". It is used to map the role to what can
be supported by JasperServer.
Here is some of the data initialization that I have to setup the initial
tables:
INSERT INTO ROLES (ROLEID,J2EE_GROUP,DESCRIPTION) VALUES
('ROLE_ALARMS-ADMINISTRATOR','Alarms-Administrator','Ability to Setup
and Purge alarms');
INSERT INTO ROLES (ROLEID,J2EE_GROUP,DESCRIPTION) VALUES
('ROLE_ALARMS-OPERATOR','Alarms-Operator','Ability to update alarms');
INSERT INTO ROLES (ROLEID,J2EE_GROUP,DESCRIPTION) VALUES
('ROLE_ALARMS-OBSERVER','Alarms-Observer','Ability to observer alarms');
INSERT INTO ROLES (ROLEID,J2EE_GROUP,DESCRIPTION) VALUES
('ROLE_DEVICE-ADMINISTRATOR','Device-Administrator','Ability to perform
system, security and access functions on devices');
INSERT INTO ROLES (ROLEID,J2EE_GROUP,DESCRIPTION) VALUES
('ROLE_DEVICE-NP-OPERATOR','Device-NP-Operator','Ability to perform
Network Performance feature device updates');
INSERT INTO GROUPS (GROUPID, DESCRIPTION) VALUES
('Administrator', 'Network Device Administrators');
INSERT INTO GROUPS (GROUPID, DESCRIPTION) VALUES
('Operator', 'Network Device Operators');
INSERT INTO GROUPS (GROUPID, DESCRIPTION) VALUES
('Observer', 'Network Device Observers');
...
INSERT INTO GROUPS_ROLES (GROUPID, ROLEID) VALUES
('CV-Administrator', 'ROLE_ALARMS-ADMINISTRATOR');
INSERT INTO GROUPS_ROLES (GROUPID, ROLEID) VALUES
('CV-Administrator', 'ROLE_DEVICE-ADMINISTRATOR');
INSERT INTO GROUPS_ROLES (GROUPID, ROLEID) VALUES
('CV-Administrator', 'ROLE_DEVICE-NP-OPERATOR');
INSERT INTO USERS (USERID, FULL_NAME, ENABLED, PASSWORD)
VALUES ('admin', 'System Administrator', 1, 'admin');
INSERT INTO USERS (USERID, FULL_NAME, ENABLED, PASSWORD)
VALUES ('guest', 'Guest User', 1, 'guest');
...
INSERT INTO GROUPS_USERS (GROUPID, USERID)
VALUES('Administrator', 'admin');
INSERT INTO GROUPS_USERS (GROUPID, USERID)
VALUES('Operator', 'admin');
INSERT INTO GROUPS_USERS (GROUPID, USERID)
VALUES('Observer', 'admin');
INSERT INTO GROUPS_USERS (GROUPID, USERID)
VALUES('Observer', 'guest');
Brett M. Bergquist wrote:
| Quote: | I have this requirement in my application using Glassfish as the
application server. I took a different route. I created my own JDBC
realm. I defined my roles and mapped permissions based no those to the
code (EJB meethods, web pages, etc). In "application.xml", I have my
security roles defined:
...
<security-role>
<description>Alarms Administrator</description>
<role-name>Alarms-Administrator</role-name>
</security-role>
<security-role>
<description>Alarms Operator</description>
<role-name>Alarms-Operator</role-name>
</security-role>
<security-role>
<description>Alarms Observer</description>
<role-name>Alarms-Observer</role-name>
</security-role>
<security-role>
<description>Device Administrator</description>
<role-name>Device-Administrator</role-name>
</security-role>
<security-role>
<description>Device Network Performance Administrator</description>
<role-name>Device-NP-Operator</role-name>
</security-role>
...
In "sun-application.xml", I have these roles mapped to group names
that match:
...
<security-role-mapping>
<role-name>Alarms-Administrator</role-name>
<group-name>Alarms-Administrator</group-name>
</security-role-mapping><
security-role-mapping>
<role-name>Alarms-Operator</role-name>
<group-name>Alarms-Operator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Alarms-Observer</role-name>
<group-name>Alarms-Observer</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-Administrator</role-name>
<group-name>Device-Administrator</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Device-NP-Operator</role-name>
<group-name>Device-NP-Operator</group-name>
</security-role-mapping>
...
Then in domain.xml, I have:
<auth-realm
classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
name="csemRealm">
<property name="jaas-context" value="jdbcRealm"/>
<property name="password-column" value="PASSWORD"/>
<property name="datasource-jndi" value="jdbc/csemdb"/>
<property name="group-table" value="CSEM.J2EE_USER_GROUPS"/>
<property name="user-table" value="CSEM.J2EE_USERS"/>
<property name="group-name-column" value="GROUPID"/>
<property name="db-password" value="CSEM"/>
<property name="digest-algorithm" value="none"/>
<property name="db-user" value="CSEM"/>
<property name="user-name-column" value="USERID"/>
</auth-realm>
which defines my custom realm. The database layout looks like:
CREATE TABLE GROUPS
(
GROUPID VARCHAR(64) PRIMARY KEY NOT NULL,
OPLOCK INTEGER NOT NULL DEFAULT 0,
DESCRIPTION VARCHAR(255)
);
CREATE TABLE GROUPS_ROLES
(
GROUPID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT GROUPS_ROLES_PK PRIMARY KEY (GROUPID,ROLEID)
);
CREATE TABLE GROUPS_USERS
(
GROUPID VARCHAR(64) not null,
USERID VARCHAR(64) not null,
CONSTRAINT GROUPS_USERS_PK PRIMARY KEY (GROUPID,USERID)
);
CREATE TABLE ROLES
(
ROLEID VARCHAR(64) PRIMARY KEY not null,
OPLOCK INTEGER NOT NULL DEFAULT 0,
J2EE_GROUP VARCHAR(64) not null,
DESCRIPTION VARCHAR(255) not null
);
CREATE TABLE USERS
(
ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
OPLOCK INTEGER NOT NULL DEFAULT 0,
USERID VARCHAR(64) not null unique,
FULL_NAME VARCHAR(64),
ENABLED SMALLINT not null,
PASSWORD VARCHAR(32) not null,
LAST_LOGIN TIMESTAMP,
CURRENT_LOGIN TIMESTAMP
);
CREATE TABLE USERS_ROLES
(
USERID VARCHAR(64) not null,
ROLEID VARCHAR(64) not null,
CONSTRAINT USERS_ROLES_PK PRIMARY KEY (USERID,ROLEID)
);
CREATE VIEW J2EE_USERS (USERID, PASSWORD) AS
SELECT U.USERID, U.PASSWORD
FROM USERS U WHERE U.ENABLED = 1;
CREATE VIEW J2EE_USER_GROUPS (USERID, GROUPID) AS
SELECT DISTINCT U.USERID, R.J2EE_GROUP FROM USERS U JOIN GROUPS_USERS
GU ON GU.USERID = U.USERID
JOIN GROUPS G ON G.GROUPID = GU.GROUPID
JOIN GROUPS_ROLES GR ON GR.GROUPID = G.GROUPID
JOIN ROLES R ON GR.ROLEID = R.ROLEID
UNION ALL SELECT U.USERID, 'CSEM_USER' FROM USERS U;
I then have a groups application where groups can be defined:
Group Summary Application
...
Group Edit Application
and then a users application where users can be mapped to groups or
roles:
User Summary Application
...
User Edit Application
With this, my application allows the customer to create new groups
that combine security roles and new uses to assign
to the groups at runtime without editing any deployment descriptors or
having to redeploy.
Without this, the customer was forced to edit the deployment
descriptors in the EAR and redeploy.
Brett
Nick Beare wrote:
| Quote: |
Somebody out there must be doing this! It is a fairly standard
requirement (you ship an application to a client and let them set up
their own users). How is this done?
I am using BASIC authentication.
------------------------------------------------------------------------
*From:* Nick Beare [mailto:address-removed]
*Sent:* 12 September 2008 17:05
*To:* address-removed
*Subject:* [nbusers] How do I add users to roles for deployed Web
Applications?
Web gurus,
I have deployed an app, to a remote server, I now want to add some
real users to a role. How do I do this?
As per the tutorial:
http://www.netbeans.org/kb/60/web/security-webapps.html#loginform
I have set up users admin and user via the admin console,
Admin and User Roles plus AdminConstraint and UserConstraint Security
Constraints in web.xml,
Principals admin and user in sun-web.xml.
The app runs ok and the users |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
|
|
|
|
| | |
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
