D
David
I am using J2EE security to restrict what roles are allowed to access
certain URLs. ie 'Managers' and 'Buyer' are allowed to access
'/viewdetails' but only 'Managers' are allowed to access '/delete'
details.
This is simple to acheive via the web.xml, but in effect what it is
saying for '/viewdetails' is 'allow access if user is in EITHER of the
roles.'
....what I need to be able to do (for a different more complex app) is
restrict access to only people who are in BOTH roles.
Is this possible?
If so how?
....I thought it would be a simple case of including two security
constraints, both for the same URI, but one including 'Managers' and
the other including 'Buyers' and that a user would have to pass both
security constraints to be allowed access - But this was still treated
as an Either/Or.
Does anyone know how to restrict access in this way?
Thanks for any help!
David Bevan
http://www.davidbevan.co.uk
certain URLs. ie 'Managers' and 'Buyer' are allowed to access
'/viewdetails' but only 'Managers' are allowed to access '/delete'
details.
This is simple to acheive via the web.xml, but in effect what it is
saying for '/viewdetails' is 'allow access if user is in EITHER of the
roles.'
....what I need to be able to do (for a different more complex app) is
restrict access to only people who are in BOTH roles.
Is this possible?
If so how?
....I thought it would be a simple case of including two security
constraints, both for the same URI, but one including 'Managers' and
the other including 'Buyers' and that a user would have to pass both
security constraints to be allowed access - But this was still treated
as an Either/Or.
Does anyone know how to restrict access in this way?
Thanks for any help!
David Bevan
http://www.davidbevan.co.uk