tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: howto setup url security constraint with parameters?
Date Thu, 05 Nov 2009 22:43:44 GMT
Pivo wrote:
> Caldarale, Charles R wrote:
>>> From: Piavlo [mailto:lolitushka@gmail.com]
>>> Subject: Re: howto setup url security constraint with parameters?
>>>
>>> The problem is that  <WatchedResource> does not work for user dirs
>>> defined with org.apache.catalina.startup.UserConfig
>>>     
>> Sounds like a bug, but I haven't looked at the code.  What version of Tomcat are
you using?
>>   
> Currently 6.0.20 , but this also does not work with 5.5 versions.
> But putting aside the buggy  WatchedResource issue -  is there a way to
> do a security constraint of a url on granularity of also matching
> specific HTTP GET parameters/values pairs in that url?
> 

Just jumping in with some lateral thinking, and without the background.
The idea would be to catch these requests earlier, and dispatch them, on 
the base of the GET parameters, to different webapps, each with it's 
appropriate security constraints.
I think a servlet filter (such as the URLRewriteFilter) would be too 
late already.
But a front-end Apache httpd would not.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message