forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Upayavira ...@upaya.co.uk>
Subject Re: Adding authorization on some pages
Date Thu, 22 Apr 2004 08:46:09 GMT
Mikael Sitruk wrote:

>Dave hi
>
>Editing the web.xml may be fine for few files, nevertheless I was
>thinking at something automatic, without requiring web admin
>intervention or manual change, just like the htmls are generated from
>xml file...
>Is it possible??
>  
>
Authentication information cannot be stored in the generated HTML files. 
It is the job of your web server or servlet container to handle 
authentication.

If you are serving static HTML files from Apache, then use Apache's 
authentication.

If you are serving pages dynamically from a servlet container, then use 
the servlet container's authentication (as described below).

If you are serving pages dynamically from a servlet container, which is 
behind an Apache web server (which is recommended) then you can use either.

Usually, authentication schemes can be applied to specific directories, 
so that all files in that directory are covered by the authentication 
scheme.

Upayavira

>
> 
>On Wed, 2004-04-21 at 16:17, Dave Brondsema wrote:
>  
>
>>Mikael Sitruk wrote:
>>    
>>
>>>Hi
>>>
>>>I would like to add authorization on some pages, for example when
>>>someone will click "download" link or the "internal resource" page, the
>>>user will be able to get these link/pages only if he is authorized to.
>>>If not, the user will be redirected to the login page or an error page.
>>>Of course the pages will run in a servlet container, and I presume 
>>>these links will be redirected first to an authorization servlet.
>>>Has someone did such thing? 
>>>Is there a place I can find an example? 
>>>Do I have to redirect manually (editing the xml) all the link to the
>>>servlet (assuming that I already have a site without the authorization)?
>>>If I redirect all the link to the servlet, I need also to pass the
>>>target of the link to the servlet (so he can do forward), does it mean I
>>>need to add something like "?target_page=<value>" in the links, or is
>>>there another solution (xmap???)
>>>
>>>Regards,
>>>Mikael.S
>>>
>>>      
>>>
>>If you are hosting statically generated pages within the servlet, you 
>>can put use web.xml security to limit access to certain directories. 
>>This file is not a source file, so it would be placed outside the xdocs 
>>dir (src/documentation/content/WEB-INF/web.xml).  See 
>>http://xml.apache.org/forrest/faq.html#link_raw
>>
>>If you are hosting the site as a dynamic webapp within the servlet, you 
>>should be able to modify the web.xml in the war file before deploying it.
>>    
>>
>
>  
>



Mime
View raw message