tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charlie Hinson" <chin...@adsyg.com>
Subject Does anybody want or need this functionality
Date Wed, 29 Nov 2000 00:07:20 GMT
Yes this is what we have found. Therefore, we have created our own by revealing several request
methods through the facade. This works great for us, but doesn't lend itself to sites that
host for multiple organizations. Since this is very useful for complex web sites, I would
consider submitting some work in this area if I could get some input from the team. The proposed
method would reside in the request facade (?), ie. request.assertPageAuth(pathToCheck). Along
with this, the ability to authenticate/authorize is necessary. Which I have also implemented
in my servlet container. Who on the team is working in this area and would be willing to help
or give some useful design input?


Charlie

>>> Craig.McClanahan@eng.sun.com 11/28/00 03:42PM >>>
Charlie Hinson wrote:

> Is there an easy way to tell if a page is going to require authentication/authorization
before it is dynamically included within a jsp/servlet.
>
> Charlie

If you are using container-managed security, pages that are included (with <jsp:include>
or RequestDispatcher.include()) do not have security
constraints applies against them.  The servlet container only looks at the request URI of
the original request to decide what security constraint
to apply.

If you are managing security inside your own application, the answer to this question is totally
dependent on your application.

Craig McClanahan



Mime
View raw message