tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Token Security
Date Wed, 11 Nov 2009 21:51:52 GMT
John Morrison wrote:
> Hi,
> I've been asked to put some security in place for a website, at the moment
> there are two requirements with a possible extension;
> 1) The referer must be XXX (configurable)
> 2) There must be a token passed either GET or POST in the URL which
> matches some internally generated code.
> The possible extension would be the token passed in would be sent to
> (another) webserver for validation.
> I've been looking at this, and I *think* that I need to add a JAAS realm,
> but I can't work out how to not have a login page.  The security must deny
> access unless the above is matched.

I'd just use a filter.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message