Multiple dwr.xml files and Java EE security

Generally speaking, you will only need one dwr.xml file, and it will be in the default position: WEB-INF/dwr.xml. In that case you can leave this parameter out.

There are 3 reasons why you might wish to specify a different position for dwr.xml:

  • You wish to keep dwr.xml with the files that it gives access to. In that case the section might have a param-value something like <param-value>WEB-INF/classes/com/yourco/dwr/dwr.xml</param-value>.
  • You may have a large number of remoted classes and wish to keep the definitions in separate files. In this case you will have the section above repeated several times, each with a different param-name that begins with 'config' and each pointing at a different file. DWR will read them all in turn.
  • DWR can use the J2EE URL security built into the servlet spec to give different groups of users access to different functions. You simply define more than one DWR servlet by repeating the stanza at the top of the page with different names, URLs and permissions.

If you do wish to specify this parameter, the syntax is as follows:

<init-param>
  <param-name>config*****</param-name>
  <param-value>WEB-INF/dwr.xml</param-value>
  <description>What config file do we use?</description>
</init-param>

Here config***** means any param-name that begins with the string 'config'. This parameter can be specified as many times as required; however, the param-name should be different for each occurrence.

An example configuration to use J2EE servlet security is as follows:

<servlet>
  <servlet-name>dwr-user-invoker</servlet-name>
  <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
  <init-param>
    <param-name>config-user</param-name>
    <param-value>WEB-INF/dwr-user.xml</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>dwr-admin-invoker</servlet-name>
  <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
  <init-param>
    <param-name>config-admin</param-name>
    <param-value>WEB-INF/dwr-admin.xml</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>dwr-admin-invoker</servlet-name>
  <url-pattern>/dwradmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>dwr-user-invoker</servlet-name>
  <url-pattern>/dwruser/*</url-pattern>
</servlet-mapping>

<security-constraint>
  <display-name>dwr-admin</display-name>
  <web-resource-collection>
    <web-resource-name>dwr-admin-collection</web-resource-name>
    <url-pattern>/dwradmin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <display-name>dwr-user</display-name>
  <web-resource-collection>
    <web-resource-name>dwr-user-collection</web-resource-name>
    <url-pattern>/dwruser/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
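
An added example, not part of the original page or of DWR: a short Python check that reads a web.xml and reports, for every url-pattern mapped to the DWR servlet, which roles a security-constraint requires, or None when no constraint covers it. The sample descriptor is constructed from the configuration above plus a hypothetical third servlet (dwr-extra-invoker, /dwrextra/*) that was mapped without a constraint. Patterns are compared as exact strings, as in the page's example, so a mapping covered only by a broader pattern is also reported as None.

```python
import xml.etree.ElementTree as ET

DWR_SERVLET = "uk.ltd.getahead.dwr.DWRServlet"  # servlet class used on this page

# Constructed sample: the page's two servlets plus a hypothetical third
# ("dwr-extra-invoker") that was mapped but never given a security-constraint.
SAMPLE_WEB_XML = """<web-app>
 <servlet><servlet-name>dwr-user-invoker</servlet-name>
  <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class></servlet>
 <servlet><servlet-name>dwr-admin-invoker</servlet-name>
  <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class></servlet>
 <servlet><servlet-name>dwr-extra-invoker</servlet-name>
  <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class></servlet>
 <servlet-mapping><servlet-name>dwr-admin-invoker</servlet-name>
  <url-pattern>/dwradmin/*</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>dwr-user-invoker</servlet-name>
  <url-pattern>/dwruser/*</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>dwr-extra-invoker</servlet-name>
  <url-pattern>/dwrextra/*</url-pattern></servlet-mapping>
 <security-constraint><web-resource-collection>
   <web-resource-name>dwr-admin-collection</web-resource-name>
   <url-pattern>/dwradmin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint></security-constraint>
 <security-constraint><web-resource-collection>
   <web-resource-name>dwr-user-collection</web-resource-name>
   <url-pattern>/dwruser/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint></security-constraint>
</web-app>"""

def audit_dwr_mappings(web_xml):
    """Map each DWR url-pattern to its sorted roles, or None if no constraint covers it."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # ignore a web-app namespace if present
    dwr = {s.findtext("servlet-name", "").strip() for s in root.iter("servlet")
           if s.findtext("servlet-class", "").strip() == DWR_SERVLET}
    roles = {}
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        for wrc in sc.findall("web-resource-collection"):
            if auth is None or wrc.find("http-method") is not None:
                continue  # no auth required, or only the listed HTTP methods are covered
            for p in wrc.findall("url-pattern"):
                roles.setdefault(p.text.strip(), set()).update(
                    r.text.strip() for r in auth.findall("role-name"))
    mapped = [p.text.strip() for m in root.iter("servlet-mapping")
              if m.findtext("servlet-name", "").strip() in dwr
              for p in m.findall("url-pattern")]
    return {k: sorted(roles[k]) if k in roles else None for k in mapped}
```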