tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: problem with tomcat realm
Date Wed, 10 Feb 2010 19:01:37 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa,

On 2/10/2010 8:36 AM, aaaaaa wrote:
> When the user goes in a particular page I need to ask him a new
> authentication because this page needs more privileges (this page infact is
> only for administrators and in web.xml I specify it with a security
> constraint and role). 
> This second step is my problem. When he goes in this page only the message 
> "Access to the requested resource has been denied" appears  while I would
> like that tomcat asks him for a new login and at the same time that tomcat
> remembers the previous login when the user comes back in the other pages.

Tomcat implements container-managed security according to the Java
Servlet Specification, which does not specify the behavior above.
Instead, once a user is authenticated, their identity is considered
"known" and their roles dictate the resources they may access.

If you want the behavior you describe above, you'll have to use a
different security mechanism than the one provided by Tomcat.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktzApEACgkQ9CaO5/Lv0PCe7wCgroQrs7qdTNi0TL2foPhLfPFu
Fa4AoIv/wgCrsmVd3zdeHWy4bwmNFzcj
=9yf4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message