Re: Bypass web.xml declarative security (sort of)
thank you, I will investigate securityfilter Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, John Caron wrote: Instead of declaring which URLs need to be secure in web.xml, I would like to determine this when the URL comes in, but then use Tomcat to deal with the authentication if it is needed. Can anyone give me any pointers on where to get started with that? There's no standard way to do this. Your options are basically to either hack around with Tomcat's authentication and authorization code (which I don't recommend), implementing your own authentication and authorization scheme (or perhaps just the authorization scheme using something like a Valve or, better yet, a Filter), or piggyback on an existing project like securityfilter (http://securityfilter.sourceforge.net). I think that the third option will get you further faster. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFrwl79CaO5/Lv0PARAq1JAJ9eEbHMO1sejY3BizqHXEv/na339ACglZiV VLNVH1GgzwUcE6d9A5r4X94= =4O/I -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bypass web.xml declarative security (sort of)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, John Caron wrote: > Instead of declaring which URLs need to be secure in web.xml, I would > like to determine this when the URL comes in, but then use Tomcat to > deal with the authentication if it is needed. Can anyone give me any > pointers on where to get started with that? There's no standard way to do this. Your options are basically to either hack around with Tomcat's authentication and authorization code (which I don't recommend), implementing your own authentication and authorization scheme (or perhaps just the authorization scheme using something like a Valve or, better yet, a Filter), or piggyback on an existing project like securityfilter (http://securityfilter.sourceforge.net). I think that the third option will get you further faster. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFrwl79CaO5/Lv0PARAq1JAJ9eEbHMO1sejY3BizqHXEv/na339ACglZiV VLNVH1GgzwUcE6d9A5r4X94= =4O/I -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Bypass web.xml declarative security (sort of)
Hello: Instead of declaring which URLs need to be secure in web.xml, I would like to determine this when the URL comes in, but then use Tomcat to deal with the authentication if it is needed. Can anyone give me any pointers on where to get started with that? thanks, John Caron - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]