I need to implement fine-grained security access, so it looks to me like
"Programmatic Security" (Servlet spec 12.3) is called for. I want to recieve
the request in my servlet, then decide what access rights are needed for it.
In this case, if I understand correctly, the "user must already be
authenticated" means that they have tried to access a Tomcat-protected page (eg a
login page), have been successfully authenticated by Tomcat, and further requests are
returning the JSESSION cookie that was assigned during authentication.
Is that right? Is there some other way the req.getRemoteUser() could return
non-null?
Is there some way that I can programatically trigger Tomcat to initiate the authentication process?
Thanks for any help...
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
