| -----Original Message-----
| From: Alexander Wallace [mailto:[EMAIL PROTECTED]]
| Sent: Saturday, August 10, 2002 7:56 AM
| To: Tomcat Users List
| Subject: Re: Problems with <url-pattern>*
|
| Ok, but what I mean by access rights are a set of very custom
| permissions (existing in a database table) givent to different roles
| asigned to users of my web app, is that also handled by filters?
You will want to look at using a JdbcRealm which will take care of that
for you. Realms are the new standard for handling user roles.
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRea
lm
Otherwise you can do a filter like Craig mentioned which acts as an
intermediary before requests hit your servlet or pages in the first
place.
http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html
|
| Also, at this point I my servlet does receive requests (let's say
| /login) and checks if the users (in this case by providing an id in
the
| url) is trying to log in into a valid "company" in the web app, and if
| so, I use a forward to a jsp that actually shows the login form and
| let's them log in. I'm not sure if you meant I was not going to be
able
| to serve anyghing from my servlet, but i do.
I think the assumption was that you were binding to just "/" not
"/login". If you just do "/" then you will run into major issues as
Craig mentioned.
|
| I'm I all confused then? I'm sorry if i sound too newbie... I am tho
:/
-Jake
|
| On Sat, 2002-08-10 at 18:59, Craig R. McClanahan wrote:
| >
| >
| > On 10 Aug 2002, Alexander Wallace wrote:
| >
| > > Date: 10 Aug 2002 12:17:03 +0100
| > > From: Alexander Wallace <[EMAIL PROTECTED]>
| > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
| > > To: Tomcat Users List <[EMAIL PROTECTED]>
| > > Subject: Re: Problems with <url-pattern>*
| > >
| > > What I need to be able to do is to make sure, that every request,
for
| > > any page has enought rights to view the page and use it, So i
thought
| of
| > > using a servlet as a controller. If I understand correctly what
you
| > > talked about in this and your previous post, using the servlet
mapping
| > > to "/" will not work at some point.
| > >
| > > I'm not that experienced yet in these matters, could you ilustrate
to
| me
| > > a bit why this won't cut it?
| > >
| >
| > Using a *servlet* for your purpose (checking access rights) will not
| work
| > at all -- see my previous post for why you should use a Filter
instead.
| >
| > The problem with the "/" mapping in particular is that this mapping
is
| > assigned, by default, to a servlet that serves static content. So,
when
| > you make a request to a URL like:
| >
| > http://localhost:8080/myapp/index.html
| >
| > you generally won't have a servlet mapped to this -- and Tomcat
assigns
| it
| > to the default file-serving servlet, which serves the "/index.html"
| static
| > resource from your web application for you.
| >
| > If you map a servlet to "/", you have just *replaced* the standard
| > processing, because Tomcat will map the request to your servlet
instead
| of
| > the standard one. Now, let's assume that the user has the rights
they
| > need to access that resource and you want to let them have it. What
| > should your rights-checking servlet do?
| >
| > That's right ... you're stuck. There is no way to ask Tomcat to
serve
| the
| > resource, because there is no longer any mapping for the default
| > file-serving servlet.
| >
| > The answer is to use a Filter instead, because a Filter can examine
a
| > request *before* it is given to a servlet, and either intercept it
(not
| > enough access rights) or pass it on (access rights are fine).
| >
| > Do some google searches on "servlet filter" and you will find
pointers
| to
| > some articles about how they work.
| >
| > > Thank you!
| >
| > Craig
| >
| >
| > >
| > > On Sat, 2002-08-10 at 00:40, Craig R. McClanahan wrote:
| > > >
| > > >
| > > > On Fri, 9 Aug 2002, Todd Kaplinger wrote:
| > > >
| > > > > Date: Fri, 09 Aug 2002 17:43:36 -0400
| > > > > From: Todd Kaplinger <[EMAIL PROTECTED]>
| > > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
| > > > > [EMAIL PROTECTED]
| > > > > To: [EMAIL PROTECTED]
| > > > > Subject: Re: Problems with <url-pattern>*
| > > > >
| > > > > define a servlet mapping of just "/". this is the default
servlet
| mapping.
| > > >
| > > > That's still not going to work for what the proposed use case
was --
| > > > because you've just disabled the default file-serving servlet
that
| serves
| > > > static content.
| > > >
| > > > Craig
| > > >
| > > >
| > > > --
| > > > To unsubscribe, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| > > > For additional commands, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| > > >
| > >
| > >
| > >
| > > --
| > > To unsubscribe, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| > > For additional commands, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| > >
| > >
| >
| >
| > --
| > To unsubscribe, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| > For additional commands, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| >
|
|
|
| --
| To unsubscribe, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
| For additional commands, e-mail: <mailto:tomcat-user-
| [EMAIL PROTECTED]>
|
| ---
| Incoming mail is certified Virus Free.
| Checked by AVG anti-virus system (http://www.grisoft.com).
| Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
|
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
