IN reading a Tomcat manual, I noticed that security constraints are only applied via client interactions with the secured object. I.E., If you redirect from within a secured object to another secured object, the redirection is not authenticated. Is there a way in Tomcat to secure ALL the objects you need and only use declarative security to authorize access to your objects instead of programmatic security where you check for authorization in code??
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
