Re: Restricting resources on web server

Fri, 06 Jul 2001 07:10:12 -0700 

Hi y'all

I hope I don't repeat anything that has already been posted:

For security and access-restriction please read servlet spec 2.2,
especially the security chapters and the DeploymentDescriptor stuff
including the DD examples (there's one for Security)
There you can see, that servlet 2.2 / jsp 1.1 compliant containers
implement a role based security/access control.
It's importand to note that this is declarative security rather than
programmatic, as you declare restrictions in the DD (=web.xml).
You can even ask the container to do authentication for you. You
provide a JSP (in the DD) with certain predefined form-fieldnames (see
spec for the the names) and the compliant container should call this
page whenever you try to access a restricted resource. As far as I get
the container is even going to redirect you to your 'original'
requested resource after successfull login.
If you want to use it in tomcat, there's a very simple filebased-realm
interceptor preconfigured but commented out in the server.xml which
relies on a user->role mapping in users.xml

Hope this helps,
Peter






----- Original Message -----
From: Sampath <[EMAIL PROTECTED]>
Date: Friday, July 6, 2001 10:22 am
Subject: Re: Restricting resources on web server

> Hi,
> One way to do this is check for authentication of users and once they
> are authenticated,have an attribute in session object set to
> true.Check for this each time a jsp page is accessed.
> bye
> sam
>
>
________________________________________________________________________
___
> To unsubscribe, send email to [EMAIL PROTECTED] and include in
> the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http:
> Resources: http://java.sun.com/products/servlet/external-
> resources.htmlLISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to