's a good example:
http://forums.bea.com/bea/message.jspa?messageID=202433201
Oh well...
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 5:55 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - p
> It appears that there is no standard way to do this even though
> it's implied in the spec.
I don't know how standard this is but it works.
The trick is in the auth-constraint node (note the commented out
role-name).
Since it is exclusive. Not declaring a role-name for the protected
resource den
the spec.
Here's a good example:
http://forums.bea.com/bea/message.jspa?messageID=202433201
Oh well...
/robert
> -Original Message-
> From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 14, 2004 5:55 PM
> To: Tomcat Users List
> Subject: Re: [ne
Robert Taylor wrote:
Does this not imply that I can do what I am trying to do?
I suppose; I'm just baffled why you want to reinvent this particular
built-in wheel, but don't let that stop you :-)
--
Hassan Schroeder - [EMAIL PROTECTED]
Webtuitive Design === (+1) 408-938
: Tuesday, December 14, 2004 5:07 PM
> To: Tomcat Users List
> Subject: Re: [newbie] Container Managed Security - preventing direct
> access to .jsp
>
>
> Robert Taylor wrote:
> > I didn't realize that was added to the 2.4 spec.
>
> It was in 2.3, too. I'd gues
I have not run into that kind of problem before... typically if you hit
a JSP without hitting its controller first you will just get nothing (an
HTML screen with no data). when it gets routed back to the controller,
it will then register a failure due to lack of data. Problem solved.
>>> [EMAIL
From: "Hassan Schroeder" <[EMAIL PROTECTED]>
> Given that the Java" Servlet Specification Version 2.4, page 70 sez:
>
> A special directory exists within the application hierarchy
> named WEB-INF. This directory contains all things related to
> the application that aren't in the document root of th
Robert Taylor wrote:
I didn't realize that was added to the 2.4 spec.
It was in 2.3, too. I'd guess it was in the spec from the get-go,
but don't have an older copy to hand to confirm.
Even so, it would be nice to know how to use CMS to achieve this.
What is your definition of "Container Managed Se
friendly page/message when a .jsp page is requested without going through
the controller?
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing
endly page/message when a .jsp page is requested without going through
the controller?
/robert
> -Original Message-
> From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 14, 2004 2:21 PM
> To: Tomcat Users List
> Subject: Re: [newbie] Contai
Robert Taylor wrote:
Please let me know if this questions is just too obvious
and I'll gladly RTFM...
See below :-)
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access through
some controller. I have in the past placed .jsp
Filters are portable.
On Tue, 2004-12-14 at 12:32, Robert Taylor wrote:
> Ping...
>
> Please let me know if this questions is just too obvious
> and I'll gladly RTFM...even more. And yes, I know this list
> is not here just to serve _my_ interests.
>
> It just seems like a common idiom to prov
Ping...
Please let me know if this questions is just too obvious
and I'll gladly RTFM...even more. And yes, I know this list
is not here just to serve _my_ interests.
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access thr
Sorry. I left off some info:
Tomcat 5.0.25
Win2k
JDK1.4.2
/robert
> -Original Message-
> From: Robert Taylor [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 13, 2004 8:59 PM
> To: [EMAIL PROTECTED]
> Subject: [newbie] Container Managed Security - preventing direct access
> to .jsp
>
14 matches
Mail list logo