tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John MccLain" <>
Subject Security and includes question
Date Tue, 24 Feb 2004 17:26:15 GMT
IN reading a Tomcat manual, I noticed that security constraints are only
applied via client interactions with the secured object. I.E., If you
redirect from within a secured object to another secured object, the
redirection is not authenticated. Is there a way in Tomcat to secure ALL the
objects you need and only use declarative security to authorize access to
your objects instead of programmatic security where you check for
authorization in code??

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message