tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Wallace <tomca...@rwsoft-online.com>
Subject RE: Problems with <url-pattern>*
Date Sat, 10 Aug 2002 19:29:40 GMT
Thank you! I will read the info in those links. I hope i can handle it!
This is all very new and sometimes confusing to me.

I do have <url-pattern>/</url-pattern>

But if i type /whatever, i'm checking in my servlet for that and doing a
forward to my desired jsp or whatever. Although this seems to be working
now ( i do get the content of my jsps and all that), I guess I should
follow your advice, since that's what thos things (realms and filters)
are made for.

Thankyou again!

On Sat, 2002-08-10 at 20:27, Jacob Hookom wrote:
> 
> 
> | -----Original Message-----
> | From: Alexander Wallace [mailto:tomcater@rwsoft-online.com]
> | Sent: Saturday, August 10, 2002 7:56 AM
> | To: Tomcat Users List
> | Subject: Re: Problems with <url-pattern>*
> | 
> | Ok, but what I mean by access rights are a set of very custom
> | permissions (existing in a database table) givent to different roles
> | asigned to users of my web app, is that also handled by filters?
> 
> You will want to look at using a JdbcRealm which will take care of that
> for you.  Realms are the new standard for handling user roles.
> 
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRea
> lm
> 
> Otherwise you can do a filter like Craig mentioned which acts as an
> intermediary before requests hit your servlet or pages in the first
> place.
> 
> http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html
> 
> | 
> | Also, at this point I my servlet does receive requests (let's say
> | /login) and checks if the users (in this case by providing an id in
> the
> | url) is trying to log in into a valid "company" in the web app, and if
> | so, I use a forward to a jsp that actually shows the login form and
> | let's them log in. I'm not sure if you meant I was not going to be
> able
> | to serve anyghing from my servlet, but i do.
> 
> I think the assumption was that you were binding to just "/" not
> "/login".  If you just do "/" then you will run into major issues as
> Craig mentioned.
> 
> | 
> | I'm I all confused then? I'm sorry if i sound too newbie... I am tho
> :/
> 
> -Jake
> 
> | 
> | On Sat, 2002-08-10 at 18:59, Craig R. McClanahan wrote:
> | >
> | >
> | > On 10 Aug 2002, Alexander Wallace wrote:
> | >
> | > > Date: 10 Aug 2002 12:17:03 +0100
> | > > From: Alexander Wallace <tomcater@rwsoft-online.com>
> | > > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> | > > To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> | > > Subject: Re: Problems with <url-pattern>*
> | > >
> | > > What I need to be able to do is to make sure, that every request,
> for
> | > > any page has enought rights to view the page and use it, So i
> thought
> | of
> | > > using a servlet as a controller. If I understand correctly what
> you
> | > > talked about in this and your previous post, using the servlet
> mapping
> | > > to "/" will not work at some point.
> | > >
> | > > I'm not that experienced yet in these matters, could you ilustrate
> to
> | me
> | > > a bit why this won't cut it?
> | > >
> | >
> | > Using a *servlet* for your purpose (checking access rights) will not
> | work
> | > at all -- see my previous post for why you should use a Filter
> instead.
> | >
> | > The problem with the "/" mapping in particular is that this mapping
> is
> | > assigned, by default, to a servlet that serves static content.  So,
> when
> | > you make a request to a URL like:
> | >
> | >   http://localhost:8080/myapp/index.html
> | >
> | > you generally won't have a servlet mapped to this -- and Tomcat
> assigns
> | it
> | > to the default file-serving servlet, which serves the "/index.html"
> | static
> | > resource from your web application for you.
> | >
> | > If you map a servlet to "/", you have just *replaced* the standard
> | > processing, because Tomcat will map the request to your servlet
> instead
> | of
> | > the standard one.  Now, let's assume that the user has the rights
> they
> | > need to access that resource and you want to let them have it.  What
> | > should your rights-checking servlet do?
> | >
> | > That's right ... you're stuck.  There is no way to ask Tomcat to
> serve
> | the
> | > resource, because there is no longer any mapping for the default
> | > file-serving servlet.
> | >
> | > The answer is to use a Filter instead, because a Filter can examine
> a
> | > request *before* it is given to a servlet, and either intercept it
> (not
> | > enough access rights) or pass it on (access rights are fine).
> | >
> | > Do some google searches on "servlet filter" and you will find
> pointers
> | to
> | > some articles about how they work.
> | >
> | > > Thank you!
> | >
> | > Craig
> | >
> | >
> | > >
> | > > On Sat, 2002-08-10 at 00:40, Craig R. McClanahan wrote:
> | > > >
> | > > >
> | > > > On Fri, 9 Aug 2002, Todd Kaplinger wrote:
> | > > >
> | > > > > Date: Fri, 09 Aug 2002 17:43:36 -0400
> | > > > > From: Todd Kaplinger <todd_kaplinger@hotmail.com>
> | > > > > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>,
> | > > > >      kaplinger@Alum.Bentley.edu
> | > > > > To: tomcat-user@jakarta.apache.org
> | > > > > Subject: Re: Problems with <url-pattern>*
> | > > > >
> | > > > > define a servlet mapping of just "/". this is the default
> servlet
> | mapping.
> | > > >
> | > > > That's still not going to work for what the proposed use case
> was --
> | > > > because you've just disabled the default file-serving servlet
> that
> | serves
> | > > > static content.
> | > > >
> | > > > Craig
> | > > >
> | > > >
> | > > > --
> | > > > To unsubscribe, e-mail:   <mailto:tomcat-user-
> | unsubscribe@jakarta.apache.org>
> | > > > For additional commands, e-mail: <mailto:tomcat-user-
> | help@jakarta.apache.org>
> | > > >
> | > >
> | > >
> | > >
> | > > --
> | > > To unsubscribe, e-mail:   <mailto:tomcat-user-
> | unsubscribe@jakarta.apache.org>
> | > > For additional commands, e-mail: <mailto:tomcat-user-
> | help@jakarta.apache.org>
> | > >
> | > >
> | >
> | >
> | > --
> | > To unsubscribe, e-mail:   <mailto:tomcat-user-
> | unsubscribe@jakarta.apache.org>
> | > For additional commands, e-mail: <mailto:tomcat-user-
> | help@jakarta.apache.org>
> | >
> | 
> | 
> | 
> | --
> | To unsubscribe, e-mail:   <mailto:tomcat-user-
> | unsubscribe@jakarta.apache.org>
> | For additional commands, e-mail: <mailto:tomcat-user-
> | help@jakarta.apache.org>
> | 
> | ---
> | Incoming mail is certified Virus Free.
> | Checked by AVG anti-virus system (http://www.grisoft.com).
> | Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
> | 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
>  
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message