wrote:
On Thu, 9 Jan 2003, Tim Funk wrote:
Date: Thu, 09 Jan 2003 21:15:12 -0500
From: Tim Funk [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Authentication and Filters
Is there a chance (or worthwhile) that in Servlet API 2.5
AM
| To: Tomcat Users List
| Subject: Re: Authentication and Filters
|
| I meant 2.5 since changes to 2.4 are closed from my position in the
dev
| community.
|
| My point is only the incoming request is protected by the security
| constraint in web.xml. It may be nice to allow the programmer
'
Subject: RE: Authentication and Filters
Authentication aside, does the servlet container work such that an
include or RD operation has the option of passing through the filter?
If so, as of which release?
Best Regards,
Jacob
| -Original Message-
| From: Tim Funk [mailto:[EMAIL
Filters are only performed on the incoming request. So the filter chain
is executed once and only once per request.
There is an option in the 2.4 Servlet API to allow filter chains to be
invoked on .includes() and .forwards().
See section 6.2.5 of the Servlet 2.4 Spec for more details.
Tomcat
my:include page=/code.html/
Included file ends here
/body
/html
-AAron
From: Tim Funk [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Authentication and Filters
Date: Fri, 10 Jan 2003 09:52:29 -0500
Filters are only performed
On Fri, 10 Jan 2003, Jacob Hookom wrote:
Date: Fri, 10 Jan 2003 08:37:06 -0600
From: Jacob Hookom [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: Authentication and Filters
Authentication aside, does the servlet
On Thu, 9 Jan 2003, Jeffrey Winter wrote:
Date: Thu, 9 Jan 2003 19:25:37 -0500
From: Jeffrey Winter [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Authentication and Filters
I am using a Filter to do some URL rewriting.
A key rule to remember is that security constraints are applied *only* on
the original URL requested by the client -- not on RequestDispatcher
calls. I would bet you probably have /resource/* protected, but you'll
likely want to protect /user/* as well.
Thanks, this is a great help. You're
A key rule to remember is that security constraints are applied *only* on
the original URL requested by the client -- not on RequestDispatcher
calls.
On last thing, is this a part of the servlet spec, or is it left unstated
and this is just Tomcat's particular implementation?
Thanks
--
To
Is there a chance (or worthwhile) that in Servlet API 2.5 a developer
could check if an obtained RequestDispatcher would violate a security
constraint in web.xml?
For example the following new method:
RequestDispatcher.isAuthorized()
Returns true if the RequestDispatcher's url passes the
On Thu, 9 Jan 2003, Jeffrey Winter wrote:
Date: Thu, 9 Jan 2003 21:12:06 -0500
From: Jeffrey Winter [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Authentication and Filters
A key rule to remember is that security
On Thu, 9 Jan 2003, Tim Funk wrote:
Date: Thu, 09 Jan 2003 21:15:12 -0500
From: Tim Funk [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Authentication and Filters
Is there a chance (or worthwhile) that in Servlet API
12 matches
Mail list logo