tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian McBride <>
Subject Re: interaction between .forward() and <security-constraint>
Date Sat, 04 Sep 2010 15:39:51 GMT
  Hi Charles,

Thanks for the quick answer.

On 04/09/2010 15:20, Caldarale, Charles R wrote:

> Declarative security is intentionally static;
Its not the declarative access control I want to use - I'd have liked to 
be able to resuse the authentication code ...
>   t
> This is very plainly stated in SRV.12.2:
> "The security model applies to the static content part of the web application and to
servlets and filters within the application that are requested by the client.  The security
model does not apply when a servlet uses the RequestDispatcher to invoke a static resource
or servlet using a forward or an include."

I missed that, obviously:(

Ok - now to figure out how to implement digest authentication ...

Thanks for your help.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message