Excellent! This sounds just great! Thanks to all that helped!
On Mon, 2002-08-12 at 22:55, Craig R. McClanahan wrote: > > > On 12 Aug 2002, Alexander Wallace wrote: > > > Date: 12 Aug 2002 15:43:58 +0100 > > From: Alexander Wallace <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: Tomcat Users List <[EMAIL PROTECTED]> > > Subject: user's roles verification > > > > > > > > I've got (i think) Realms working. I need some advice for good > > practices... > > > > My original idea (before hearing about realms and such) was to direct > > all requests for any resource of my webapp to a servlet that would > > verify user roles. > > > > Then I was told here that i would run into a lot of problems if I did > > that. And was recomended to check filters and that realms are for this > > purpose. > > > > Here is my main question: Using realms, should each jsp verify the role > > of the user trying to access it? Or is there a more elegant way to do > > it, to keep code in jsp minimum and centralize that task? > > > > The verification will have to happen for each one of the pages in my web > > app.. > > > > Thank you in advance! > > > > Using Filters would be for if you want your app to do its own checking. > > Using Realms (as provided by Tomcat) implies that you are defining a > <security-constraint> in your web application that says, in essence, "in > order to access the following URLs, the user must be authenticated *and* > possess one of the following roles". If you are using this approach, your > app doesn't have to do a thing (other than define the security constraint > element in web.xml) -- the container does all the work for you. > > Craig > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
