tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Protected Page Assertion method
Date Tue, 28 Nov 2000 20:42:21 GMT
Charlie Hinson wrote:

> Is there an easy way to tell if a page is going to require authentication/authorization
before it is dynamically included within a jsp/servlet.
> Charlie

If you are using container-managed security, pages that are included (with <jsp:include>
or RequestDispatcher.include()) do not have security
constraints applies against them.  The servlet container only looks at the request URI of
the original request to decide what security constraint
to apply.

If you are managing security inside your own application, the answer to this question is totally
dependent on your application.

Craig McClanahan

View raw message