Ok, but what I mean by access rights are a set of very custom permissions (existing in a database table) givent to different roles asigned to users of my web app, is that also handled by filters?
Also, at this point I my servlet does receive requests (let's say /login) and checks if the users (in this case by providing an id in the url) is trying to log in into a valid "company" in the web app, and if so, I use a forward to a jsp that actually shows the login form and let's them log in. I'm not sure if you meant I was not going to be able to serve anyghing from my servlet, but i do. I'm I all confused then? I'm sorry if i sound too newbie... I am tho :/ On Sat, 2002-08-10 at 18:59, Craig R. McClanahan wrote: > > > On 10 Aug 2002, Alexander Wallace wrote: > > > Date: 10 Aug 2002 12:17:03 +0100 > > From: Alexander Wallace <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: Tomcat Users List <[EMAIL PROTECTED]> > > Subject: Re: Problems with <url-pattern>* > > > > What I need to be able to do is to make sure, that every request, for > > any page has enought rights to view the page and use it, So i thought of > > using a servlet as a controller. If I understand correctly what you > > talked about in this and your previous post, using the servlet mapping > > to "/" will not work at some point. > > > > I'm not that experienced yet in these matters, could you ilustrate to me > > a bit why this won't cut it? > > > > Using a *servlet* for your purpose (checking access rights) will not work > at all -- see my previous post for why you should use a Filter instead. > > The problem with the "/" mapping in particular is that this mapping is > assigned, by default, to a servlet that serves static content. So, when > you make a request to a URL like: > > http://localhost:8080/myapp/index.html > > you generally won't have a servlet mapped to this -- and Tomcat assigns it > to the default file-serving servlet, which serves the "/index.html" static > resource from your web application for you. > > If you map a servlet to "/", you have just *replaced* the standard > processing, because Tomcat will map the request to your servlet instead of > the standard one. Now, let's assume that the user has the rights they > need to access that resource and you want to let them have it. What > should your rights-checking servlet do? > > That's right ... you're stuck. There is no way to ask Tomcat to serve the > resource, because there is no longer any mapping for the default > file-serving servlet. > > The answer is to use a Filter instead, because a Filter can examine a > request *before* it is given to a servlet, and either intercept it (not > enough access rights) or pass it on (access rights are fine). > > Do some google searches on "servlet filter" and you will find pointers to > some articles about how they work. > > > Thank you! > > Craig > > > > > > On Sat, 2002-08-10 at 00:40, Craig R. McClanahan wrote: > > > > > > > > > On Fri, 9 Aug 2002, Todd Kaplinger wrote: > > > > > > > Date: Fri, 09 Aug 2002 17:43:36 -0400 > > > > From: Todd Kaplinger <[EMAIL PROTECTED]> > > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > > > > [EMAIL PROTECTED] > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: Problems with <url-pattern>* > > > > > > > > define a servlet mapping of just "/". this is the default servlet mapping. > > > > > > That's still not going to work for what the proposed use case was -- > > > because you've just disabled the default file-serving servlet that serves > > > static content. > > > > > > Craig > > > > > > > > > -- > > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
