Probably easier is to just check the condition in your Servlet and/or
Filter:
String st = (String)request.getParameter("STATE");
if( st == null) {
response.sendError( 401, "No State");
return;
}
int state=-1;
try {
state = Integer.parseInt(st);
} catch(NumberFormatExecption nfe) {
response.sendError(401, "Not Authenticated");
return;
}
if( !validState(state) ) { // your code to validate the STATE param.
response.sendError(403, "Hackers not welcome");
return;
}
// Your code here.
"Jeanfrancois Arcand" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> No. You cannot (it's against the Servlet spec). If you realy needs it,
> you can download Tomcat code and customizes
> o.a.c.authenticator.AuthenticatorBase.invoke in Tomcat 4, and
> o.a.c.realm.RealmBase.hasResourcePermission in Tomcat 5.
>
> -- Jeanfrancois
>
> [EMAIL PROTECTED] wrote:
>
> >Hi,
> >I want to know if there is a way to manage authorization to
> > URL + Parameters.
> >I am using servlets and states to identify the action in my
> > programs, so this is very important.
> >
> >For now I am using this XML:
> >
> ><security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Sample Airlines</web-resource-name>
> > <url-pattern>/servlet/examples.reservaVoos.Servlet</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>manager</role-name>
> > </auth-constraint>
> ></security-constraint>
> >
> >I need something like:
> > ...
> >
<url-pattern>/servlet/examples.reservaVoos.Servlet?STATE=0</url-pattern>
> > ...
> >
> >Is there a way to do that???
> >Thanks.
> >________________________________________________
> >Don't E-Mail, ZipMail! http://www.zipmail.com/
> >
> >--
> >To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
> >
> >
> >
> >
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
