tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Token Security
Date Wed, 11 Nov 2009 21:51:52 GMT
John Morrison wrote:
> Hi,
> 
> I've been asked to put some security in place for a website, at the moment
> there are two requirements with a possible extension;
> 
> 1) The referer must be XXX (configurable)
> 2) There must be a token passed either GET or POST in the URL which
> matches some internally generated code.
> 
> The possible extension would be the token passed in would be sent to
> (another) webserver for validation.
> 
> I've been looking at this, and I *think* that I need to add a JAAS realm,
> but I can't work out how to not have a login page.  The security must deny
> access unless the above is matched.

I'd just use a filter.

Mark
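
A sketch of the filter approach suggested in the reply above, added here as an example; it is not code from the thread or from Tomcat. The class name, the `allowedReferer` and `expectedToken` init-param names, and the `token` request parameter are assumptions, and it targets the `javax.servlet` API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: class name, init-param names and the "token" parameter are assumptions.
public class RefererTokenFilter implements Filter {
    private String allowedReferer; // required Referer prefix; end it with "/" so a look-alike host cannot match
    private byte[] expectedToken;  // internally generated value, supplied through configuration

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        allowedReferer = cfg.getInitParameter("allowedReferer");
        String token = cfg.getInitParameter("expectedToken");
        if (allowedReferer == null || allowedReferer.isEmpty() || token == null || token.isEmpty()) {
            // Fail closed: a missing setting must not turn into "allow everything".
            throw new ServletException("allowedReferer and expectedToken must be configured");
        }
        expectedToken = token.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Referer is sent by the client, so it is only a coarse gate; the token is the real check.
        String referer = request.getHeader("Referer");
        boolean refererOk = referer != null && referer.startsWith(allowedReferer);
        // getParameter() covers the query string (GET) and form-encoded bodies (POST).
        String token = request.getParameter("token");
        boolean tokenOk = token != null // constant-time comparison of the two byte arrays
                && MessageDigest.isEqual(expectedToken, token.getBytes(StandardCharsets.UTF_8));
        if (!refererOk || !tokenOk) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // deny; no login page involved
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The filter is mapped to the protected URL pattern with `<filter>` and `<filter-mapping>` entries in `web.xml`; the `tokenOk` comparison is the point where a call to a separate validating server would go for the extension mentioned in the question.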


