tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat Security
Date Sun, 29 Oct 2006 12:50:10 GMT

Maurice Yarrow wrote:
> So what I would like to know how to do is how to programmatically
> bypass web.xml-based authorization and impose this authorization
> on a access-case-by-case but take advantage of applying
> the induced security contraint  to any URL pattern desired (Chuck's
> wording)  ?

IIRC, web.xml-based authentication is pretty much all-or-nothing. You
can protect /some/ pages using that mechanism (say, those that allow
your users to administer their own galleries), and then leave the
browsing capabilities "completely open" according to web.xml, but then
use your own servlet(s) to impose further restrictions.


View raw message