On Sat, 15 Jun 2002, Les Hughes wrote:
> Date: Sat, 15 Jun 2002 08:32:53 +0100
> From: Les Hughes <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> Subject: RE: front controller patte
> Sent: 14 June 2002 09:00
> To: Tomcat Users List
> Subject: Re: front controller pattern and security
>
>
> John Gregg wrote:
>
> > Hi all.
> >
> > I've been thinking about how the j2ee front controller
> pattern (used by
> > Struts et al.) does/d
John Gregg wrote:
> Hi all.
>
> I've been thinking about how the j2ee front controller pattern (used by
> Struts et al.) does/does not take advantage of url-based authorization
> constraints in web.xml. I want to avoid having to check roles in my own
> code as much as possible. At first I thou
On Thu, 13 Jun 2002, John Gregg wrote:
> Date: Thu, 13 Jun 2002 10:44:15 -0500
> From: John Gregg <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: front controller pattern and secu
Hi all.
I've been thinking about how the j2ee front controller pattern (used by
Struts et al.) does/does not take advantage of url-based authorization
constraints in web.xml. I want to avoid having to check roles in my own
code as much as possible. At first I thought I could declare a URL like
