Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 45753 invoked from network); 12 Aug 2002 20:39:09 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 12 Aug 2002 20:39:09 -0000 Received: (qmail 7372 invoked by uid 97); 12 Aug 2002 20:38:52 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org Received: (qmail 7335 invoked by uid 97); 12 Aug 2002 20:38:51 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 7301 invoked by uid 98); 12 Aug 2002 20:38:50 -0000 X-Antivirus: nagoya (v4198 created Apr 24 2002) Subject: user's roles verification From: Alexander Wallace To: Tomcat Users List Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.5 Date: 12 Aug 2002 15:43:58 +0100 Message-Id: <1029163438.13736.145.camel@debnomo1> Mime-Version: 1.0 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I've got (i think) Realms working. I need some advice for good practices... My original idea (before hearing about realms and such) was to direct all requests for any resource of my webapp to a servlet that would verify user roles. Then I was told here that i would run into a lot of problems if I did that. And was recomended to check filters and that realms are for this purpose. Here is my main question: Using realms, should each jsp verify the role of the user trying to access it? Or is there a more elegant way to do it, to keep code in jsp minimum and centralize that task? The verification will have to happen for each one of the pages in my web app.. Thank you in advance! -- To unsubscribe, e-mail: For additional commands, e-mail: