Check out Filters and stick an authorization filter in front of your restricted URLs
/Will ----- Original Message ----- From: "Steve Vanspall" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 3:56 PM Subject: Restrict access to JSP's/URL's > Hi there, > > I am using Tomcat 4.1.12 and Strut1.1-b2 (it think that's the struts > version) > > anyway, I can see that Tomcat has a tomcat-users.xml file. This file, as I > understand, can restrict access according to a the user-level. > > What I want to know is, is there a way to restrict access to the url/jsp's > according to a dynamically retrieved user level. > > e.g. All our user login id's and passwords are stored in our database. In a > similar table they have a role_cde attributed to them. > > Both these beans are stord in the session when someone logs in. > > Can I restrict access to certain actions/jsp's similarly to the way > tomcat-user.xml is used to restrict access? > > better yet, is there a non container-specific way to do it. > > I would rather not code my own xml file, if there is already something built > in to the architecture I have running. > > Any help would be appreciated > > Steve Vanspall > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
