tomcat-users mailing list archives

From Alexander Wallace <tomca...@rwsoft-online.com>
Subject Re: user's roles verification
Date Mon, 12 Aug 2002 17:57:21 GMT
Excellent! This sounds just great!

Thanks to all that helped!

On Mon, 2002-08-12 at 22:55, Craig R. McClanahan wrote:
> 
> 
> On 12 Aug 2002, Alexander Wallace wrote:
> 
> > Date: 12 Aug 2002 15:43:58 +0100
> > From: Alexander Wallace <tomcater@rwsoft-online.com>
> > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > Subject: user's roles verification
> >
> >
> >
> > I've got (I think) Realms working. I need some advice for good
> > practices...
> >
> > My original idea (before hearing about realms and such) was to direct
> > all requests for any resource of my webapp to a servlet that would
> > verify user roles.
> >
> > Then I was told here that I would run into a lot of problems if I did
> > that. And was recommended to check filters and that realms are for this
> > purpose.
> >
> > Here is my main question: Using realms, should each jsp verify the role
> > of the user trying to access it? Or is there a more elegant way to do
> > it, to keep code in jsp minimum and centralize that task?
> >
> > The verification will have to happen for each one of the pages in my web
> > app..
> >
> > Thank you in advance!
> >
> 
> Using Filters would be for if you want your app to do its own checking.
> 
> Using Realms (as provided by Tomcat) implies that you are defining a
> <security-constraint> in your web application that says, in essence, "in
> order to access the following URLs, the user must be authenticated *and*
> possess one of the following roles".  If you are using this approach, your
> app doesn't have to do a thing (other than define the security constraint
> element in web.xml) -- the container does all the work for you.
> 
> Craig
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 
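
Added example, not part of the original thread: a web.xml sketch of the container-managed approach Craig describes, where one `<security-constraint>` covers every page so no JSP checks roles itself. The role name `appuser`, the resource name and the realm name are placeholders chosen for illustration.

```xml
<!-- Constructed example: role name, resource name and realm name are placeholders -->
<web-app>

  <!-- Every URL in the webapp requires an authenticated user holding the role -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No <http-method> elements here, so the constraint covers all methods.
           Listing methods would leave the unlisted ones unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>appuser</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- How the container asks for credentials; it validates them against the
       Realm configured in Tomcat -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Application</realm-name>
  </login-config>

  <!-- Declares the role name referenced by the constraint above -->
  <security-role>
    <role-name>appuser</role-name>
  </security-role>

</web-app>
```

The users and their roles come from whichever Realm Tomcat is configured with, and the constraint applies to requests arriving from the client, not to pages reached through a RequestDispatcher forward or include.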