Thanks. Will be doing that.
What I was wondering is, is there anything built into tomcat to allow me to get say a security level of a certain action. That way seeing if it matches the users security level. Or will I need to make another xml file of my own to configure each action, and which roles can access it? regards Steve Vanspall -----Original Message----- From: Will Hartung [mailto:[EMAIL PROTECTED]] Sent: Friday, 6 December 2002 11:18 AM To: Tomcat Users List Subject: Re: Restrict access to JSP's/URL's Check out Filters and stick an authorization filter in front of your restricted URLs /Will ----- Original Message ----- From: "Steve Vanspall" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 3:56 PM Subject: Restrict access to JSP's/URL's > Hi there, > > I am using Tomcat 4.1.12 and Strut1.1-b2 (it think that's the struts > version) > > anyway, I can see that Tomcat has a tomcat-users.xml file. This file, as I > understand, can restrict access according to a the user-level. > > What I want to know is, is there a way to restrict access to the url/jsp's > according to a dynamically retrieved user level. > > e.g. All our user login id's and passwords are stored in our database. In a > similar table they have a role_cde attributed to them. > > Both these beans are stord in the session when someone logs in. > > Can I restrict access to certain actions/jsp's similarly to the way > tomcat-user.xml is used to restrict access? > > better yet, is there a non container-specific way to do it. > > I would rather not code my own xml file, if there is already something built > in to the architecture I have running. > > Any help would be appreciated > > Steve Vanspall > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
