Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 71060 invoked from network); 28 Nov 2000 20:41:07 -0000 Received: from lukla.sun.com (192.18.98.31) by locus.apache.org with SMTP; 28 Nov 2000 20:41:07 -0000 Received: from centralmail1.Central.Sun.COM ([129.147.62.10]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA25100 for ; Tue, 28 Nov 2000 13:41:01 -0700 (MST) Received: from esun1as-mm. (esun1as-mm.Central.Sun.COM [129.147.34.144]) by centralmail1.Central.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with SMTP id NAA24731 for ; Tue, 28 Nov 2000 13:40:57 -0700 (MST) Received: from eng.sun.com by esun1as-mm. (SMI-8.6/SMI-SVR4) id NAA06464; Tue, 28 Nov 2000 13:53:40 -0700 Message-ID: <3A2418AD.CD58C8FB@eng.sun.com> Date: Tue, 28 Nov 2000 12:42:21 -0800 From: "Craig R. McClanahan" X-Mailer: Mozilla 4.75 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: tomcat-user@jakarta.apache.org Subject: Re: Protected Page Assertion method References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N Charlie Hinson wrote: > Is there an easy way to tell if a page is going to require authentication/authorization before it is dynamically included within a jsp/servlet. > > Charlie If you are using container-managed security, pages that are included (with or RequestDispatcher.include()) do not have security constraints applies against them. The servlet container only looks at the request URI of the original request to decide what security constraint to apply. If you are managing security inside your own application, the answer to this question is totally dependent on your application. Craig McClanahan