Morten,
HttpServletRequest is simply an interface. If you wanted to subclass it,
you would have to implement every member of the interface. However, you
could do this easily enough by passing every method that you didn't want to
implement to the original request object, for example:
public
Hi Morten
You can very well take the power of Tomcat, which helps you to authenticate
in basic JDBC Realm or memory Realms or UserDatabase Realm,
and you can use the request object's method called getRemoteUser() to get
the user name used for authentication by the user. Ensure the user name is
Why is that a security-issue?
I want the user to enter the site by clicking on a link or whatever, so
that the user enters the site using that request. It should be OK that the
user tries to go to a restricted page by writing
blabla:8080/MyApp/restrictedRequest.action?site=JustAGuess
But if
[EMAIL PROTECTED]
Sent: Friday, September 26, 2003 10:33 AM
Subject: Re: Authentication - based on request parameters
Why is that a security-issue?
I want the user to enter the site by clicking on a link or whatever, so
that the user enters the site using that request. It should be OK
;
break;
}
}
This is simply an example, of course, and I don't know whether such a scheme
would work for you.
- Original Message -
From: Morten Andersen [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, September 26, 2003 10:33 AM
Subject: Re: Authentication - based
PROTECTED]
Sent: Friday, 26 September 2003 20:33
To: Tomcat Users List
Subject: Re: Authentication - based on request parameters
Here are my requirements for the security mechanism:
The whole thing is about making secured rooms for groups of users.
1) It should be possible to make new sites / groups
do it like the list below, then the client could only submit his request by the
POST method
<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>