Meaningless Drivel is fun!*
The moose likes Security and the fly likes Extract security configurations from web.xml to external tool? How to? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Extract security configurations from web.xml to external tool? How to?" Watch "Extract security configurations from web.xml to external tool? How to?" New topic
Author

Extract security configurations from web.xml to external tool? How to?

Stanley Walker
Ranch Hand

Joined: Sep 23, 2009
Posts: 87
HI,

My question is how do i avoid mentioning authorization parameters in deployment descriptors, eg how do i perform authorization checks without mentioning security role, security constraints? is there any way in which i can extract the security configurations done in web.xml and configure the same in some tool?
The reason i want to do that are:

1. in a typical application there may be close to 200 url patterns, and multiple security roles. It becomes a very difficult task to rely only on the web.xml parameters.
2. i would also like the capability to alter role access mappings without making any changes in the applications. eg. customer role has access to /Buy.jsp , i also want to grant access to dealer role to /buy.jsp or may be even prevent customer role from accessing /buy.jsp
3. i also do not want to rely heavily on programmatic security because it may end up causing code changes eg: isUserInRole('CUSTOMER') may be required to change to isUserInRole('CUSTOMER')||isUserInRole('DEALER')

Are there any tools available in the market which can meet my needs?

Any help in this matter will be greatly appreciated.
manjesh ipp
Greenhorn

Joined: Jan 01, 2011
Posts: 9
Take a look at Apache product
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Extract security configurations from web.xml to external tool? How to?
 
Similar Threads
JSF access control
Problem with navigation in JSF with Filter
image rendering issue with h:commandButton
Web app Security Confusion
Starting with JSF 2.0 - Clearing login page