I am attempting to apply access controls (via Basic Authentication) on a single servlet that can be invoked via 2 different URLs. The web server in use is IIS. With reference to Allaire's knowledge base article 12404 (http://www2.allaire.com/Handlers/index.cfm?ID=12404&Method=Full) on servlet authentication with IIS, here is a description: I have a single servlet called "Foo", say, to which I wish to control access. On the server (IIS), there is a zero-size proxy file named Foo.jrun in each of two directories, each with different NT access permissions applied to it. It looks like this: .../dir1/Foo.jrun and .../dir2/Foo.jrun. When a browser invokes the Foo.jrun in dir1 it is correcvtly authenticated by IIS. However, that user can then also access the Foo.jrun in the dir2 directory, even though at the OS level the permissions on that file do not allow it. It would seem to me that some part of the previous request is being cached by IIS somewhere, or by the jrun.dll. Has anyone had experience with applying access controls via IIS to servlets. I havbe searched the literature widely for a reason for this problem, but to no avail. I would appreciate any pointers on this issue. Thankyou, Leon Wende Senior Software Engineer ADI Limited, Australia ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
