tomcat-users mailing list archives

From "Konstantin Kolinko" <knst.koli...@gmail.com>
Subject Re: How can the login page see parameters in the original request?
Date Thu, 01 Jan 2009 23:53:45 GMT
2009/1/1  <removeps-groups@yahoo.com>:
> Do you mean set session attributes?  How do you do that from the client side?
>
>

a) You can set them in another page (an unprotected one) that is
accessed before, or that redirects to this one.

b) You can pass your secrets as a cookie, or as a request header. Cookies
can be created on the client side.

c) You can use RemoteAddrValve and block those clients that should not
know about your service.

d) You can throw away all the security constraints from web.xml and use
alternative approaches, e.g. those that implement a Filter, e.g.
securityfilter ([1]), that is often mentioned on this list and should be easy
to adopt, or some others.

[1] http://securityfilter.sourceforge.net/

Best regards,
Konstantin Kolinko
