do it like list below,then the client could only submit his request by the
POST method
Example Security Constraint
Protected Area
yourProtectedDir/*.jsp
DELETE
GET
PUT
_
in each page.
Murray
-Original Message-
From: Morten Andersen [mailto:[EMAIL PROTECTED]
Sent: Friday, 26 September 2003 20:33
To: Tomcat Users List
Subject: Re: Authentication - based on request parameters
Here is my requirements for the security mechanism:
The whole thing is about maki
sers List" <[EMAIL PROTECTED]>
Sent: Friday, September 26, 2003 10:33 AM
Subject: Re: Authentication - based on request parameters
> Why is that a security-issue?
> I wan't the user to enter the site by cliking on a link or whatever, so
> that the user enters the site using t
sage -
From: "Morten Andersen" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, September 26, 2003 10:33 AM
Subject: Re: Authentication - based on request parameters
> Why is that a security-issue?
> I wan't the user to enter
Why is that a security-issue?
I wan't the user to enter the site by cliking on a link or whatever, so
that the user enters the site using that request. It should be OK, that the
user tryes to go to a restricted page by writing
blabla:8080/MyApp/restrictedRequest.action?site=JustAGuess
But if th
me is
unique for this purpose.
regards
sat
- Original Message -
From: "Morten Andersen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 26, 2003 5:01 PM
Subject: Authentication - based on request parameters
> I've developed a authentication mech
Morten,
HttpServletRequest is simply an interface. If you wanted to subclass it,
you would have to implement every member of the interface. However, you
could do this easily enough by passing every method that you didn't want to
implement to the original request object, for example:
public clas
I've developed a authentication mechanism on my own because I could not
figure out how to make authentication based on some request - parameters.
This is what I've implemented:
Whenever the user makes a request, the "site" parameter plus the path is
used to figure out whether the user has the r