From: "Konstantin Kolinko"
To: "Tomcat Users List"
Date: Fri, 2 Jan 2009 02:53:45 +0300
Subject: Re: How can the login page see parameters in the original request?

2009/1/1 :
> Do you mean set session attributes? How do you do that from the client side?
>

a) You can set them in another page (an unprotected one) that is accessed before, or that redirects to this one.

b) You can pass your secrets as a cookie, or as a request header. Cookies can be created on the client side.

c) You can use RemoteAddrValve and block those clients that should not know about your service.

d) You can throw away all the security constraints from web.xml and use alternative approaches, e.g. those that implement a Filter, e.g. securityfilter ([1]), that is often mentioned on this list and should be easy to adopt, or some others

[1] http://securityfilter.sourceforge.net/

Best regards,
Konstantin Kolinko
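Option (a) from the message above, as an added example that is not part of the original post or of Tomcat's own code: an unprotected servlet validates one request parameter, stores it in the session, and redirects to the protected resource, so the container's FORM login page can read it from the same session. The servlet class, the `hint` parameter, the `login.hint` attribute, the `/secure/index.jsp` path and the `javax.servlet` API generation are all assumptions made for illustration.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical unprotected entry point: no security-constraint in web.xml
 * covers the URL this servlet is mapped to (for example /enter).
 */
public class EntryServlet extends HttpServlet {

    // Hypothetical session attribute name that the login page reads.
    public static final String ATTR = "login.hint";

    // Allowlist: short plain tokens only, so markup or control characters
    // supplied by the client never reach the login page.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Hypothetical protected target. It is fixed on the server rather than
    // taken from the request, so this servlet cannot be used as an open redirect.
    private static final String PROTECTED_PATH = "/secure/index.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String hint = req.getParameter("hint"); // hypothetical parameter name
        HttpSession session = req.getSession(true);

        if (hint != null && SAFE.matcher(hint).matches()) {
            session.setAttribute(ATTR, hint);
        } else {
            // Drop any earlier value instead of keeping stale or invalid input.
            session.removeAttribute(ATTR);
        }

        // The redirect hits the security constraint; the container saves the
        // request and shows the login page within this same session.
        // encodeRedirectURL keeps the session id when cookies are disabled.
        resp.sendRedirect(
                resp.encodeRedirectURL(req.getContextPath() + PROTECTED_PATH));
    }
}
```

The login page can then read the value with `<c:out value="${sessionScope['login.hint']}"/>`, which escapes it on output. The value is still client-supplied, so it should only influence presentation, never the authentication decision.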