Its cool having authorisation restrictions enforced when accessing a page but it would also be useful to query these restrictions when choosing to offer a link in other pages.
I have an implementation which offers this query capability based on a hack of Tomcat authorisation code. The method signature is: boolean canIAccess(String url, String method, HttpServletRequest currentRequest, ServletContext context) Is this sort of thing worth rolling into Tomcat somewhere? Without such a feature you effectively end up declaring security restrictions twice - once in web.xml declarations and once in pages that choose to offer links to these secured pages. Cheers Mark Harwood -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>