Currently, users and their rights are configured in Tomcat itself. In the Tomcat directory, there is a subdirectory called "conf", which contains all configuration files. Among these configuration files there is one called "tomcat-users.xml". This file defines all users and their rights.
<tomcat-users>
  <role rolename="Consulterend Gebruiker" />
  <role rolename="Editeerder" />
  <role rolename="Goedkeurder" />
  <role rolename="Beheerder" />
  <user username="guest" password="guest" roles="Consulterend Gebruiker" />
  <user username="editor" password="pass" roles="Consulterend Gebruiker,Editeerder" />
</tomcat-users>
This is an example of this tomcat-users.xml file with 4 roles and 2 users. The MAJAS platform depends on 4 roles for all functionality. We'll go over them one by one:
Consulterend Gebruiker: A consulting role. This is the most basic role. A user with only this role can consult all he wants, but does not have the right to change anything.
Editeerder: This is a role that is allowed to make changes. Still, these changes do not apply immediately. Approval and acceptance are still required to make the changes a reality.
Goedkeurder: This role can approve the changes made by users with the 'Editeerder' role. Still a final acceptance stage is needed to make the changes a reality.
Beheerder: The final administrative role. This role can accept/reject changes that were previously approved. After acceptance, the changes are made permanent in the datastore, and made visible in the application.
Besides the roles, there is also the possibility to create users here. These users are defined with only three parameters:
username: The name of the user. This is an important one, because this username will be needed further along in the configuration to allow certain users in certain applications. This username is also required when logging in.
password: The user's password. Required for login.
roles: Each user can have one or more roles. These roles refer to the ones previously mentioned.
As an example, let's take a look at the "guest" user. He only has the role "Consulterend Gebruiker" and as such can only consult the application, without making any changes. The "editor" user, on the other hand, has 2 roles. He can both consult data and make changes. As described above, these changes are not permanent until they are both approved by someone with the role "Goedkeurder" and accepted by someone with the role "Beheerder".
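The file above stores passwords in clear text and ties each user to roles by name, so it is worth auditing before deployment. The following script is an added example, not part of the MAJAS platform or Tomcat: it parses a tomcat-users.xml in the format shown and reports undefined roles, weak passwords, and users who hold all three change-workflow roles. The "chief" and "typo" users, the minimum length of 12 and the workflow check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's file plus two hypothetical problem entries.
SAMPLE = """<tomcat-users>
  <role rolename="Consulterend Gebruiker" />
  <role rolename="Editeerder" />
  <role rolename="Goedkeurder" />
  <role rolename="Beheerder" />
  <user username="guest" password="guest" roles="Consulterend Gebruiker" />
  <user username="editor" password="pass" roles="Consulterend Gebruiker,Editeerder" />
  <user username="chief" password="Xq7-long-passphrase" roles="Editeerder, Goedkeurder,Beheerder" />
  <user username="typo" password="Another-long-one-42" roles="Editeerde" />
</tomcat-users>"""

# The three stages a change passes through on the page: edit, approve, accept.
WORKFLOW = {"Editeerder", "Goedkeurder", "Beheerder"}
MIN_LENGTH = 12  # assumed local policy, not a MAJAS or Tomcat setting


def audit(xml_text):
    """Return a sorted list of (username, finding) tuples."""
    root = ET.fromstring(xml_text)
    defined = {r.get("rolename") for r in root.iter("role")}
    findings = []
    for user in root.iter("user"):
        name = user.get("username", "")
        password = user.get("password", "")
        # Role names contain spaces, so split on commas only.
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        # A misspelled role name matches nothing defined in the file.
        for role in sorted(roles - defined):
            findings.append((name, "undefined role: " + role))
        if password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif len(password) < MIN_LENGTH:
            findings.append((name, "password shorter than %d characters" % MIN_LENGTH))
        # One account that can edit, approve and accept bypasses the review chain.
        if WORKFLOW <= roles:
            findings.append((name, "holds every workflow stage"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name + ": " + finding)
```

The parser expects the un-namespaced element names used in the file above; a file that declares an XML namespace on <tomcat-users> needs the namespace added to the element lookups.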