programmatic security instead of / in addition to
container managed security.
Thanks for your time.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail
making a copy. Thank you.
- Original Message - From: John Caron [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, June 27, 2006 9:01 PM
Subject: Programmatic Security
I need to implement fine-grained security access, so it looks to me
like
on a per-dataset basis. This more or less rules out having Tomcat controlling access through the URL pattern. So I think I need Programmatic Security.
When a request comes in, I can quickly determine what access constraint (if any) is needed. I was planning on using the standard Tomcat security roles
On Wednesday 28 June 2006 14:05, John Caron wrote:
I assume I need to get a session established, so that the authorization
need only be done once. It would also be nice if I recieve a
unauthorized request, that I could pass it to Tomcat's 401 challenge and
authentication mechanism. However,
I need to implement fine-grained security access, so it looks to me like
Programmatic Security (Servlet spec 12.3) is called for. I want to recieve
the request in my servlet, then decide what access rights are needed for it.
In this case, if I understand correctly, the user must already
[EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, June 27, 2006 9:01 PM
Subject: Programmatic Security
I need to implement fine-grained security access, so it looks to me like
Programmatic Security (Servlet spec 12.3) is called for. I want to
recieve the request in my