Probably easier is to just check the condition in your Servlet and/or Filter: String st = (String)request.getParameter("STATE"); if( st == null) { response.sendError( 401, "No State"); return; } int state=-1; try { state = Integer.parseInt(st); } catch(NumberFormatExecption nfe) { response.sendError(401, "Not Authenticated"); return; } if( !validState(state) ) { // your code to validate the STATE param. response.sendError(403, "Hackers not welcome"); return; } // Your code here.
"Jeanfrancois Arcand" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > No. You cannot (it's against the Servlet spec). If you realy needs it, > you can download Tomcat code and customizes > o.a.c.authenticator.AuthenticatorBase.invoke in Tomcat 4, and > o.a.c.realm.RealmBase.hasResourcePermission in Tomcat 5. > > -- Jeanfrancois > > [EMAIL PROTECTED] wrote: > > >Hi, > >I want to know if there is a way to manage authorization to > > URL + Parameters. > >I am using servlets and states to identify the action in my > > programs, so this is very important. > > > >For now I am using this XML: > > > ><security-constraint> > > <web-resource-collection> > > <web-resource-name>Sample Airlines</web-resource-name> > > <url-pattern>/servlet/examples.reservaVoos.Servlet</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <role-name>manager</role-name> > > </auth-constraint> > ></security-constraint> > > > >I need something like: > > ... > > <url-pattern>/servlet/examples.reservaVoos.Servlet?STATE=0</url-pattern> > > ... > > > >Is there a way to do that??? > >Thanks. > >________________________________________________ > >Don't E-Mail, ZipMail! http://www.zipmail.com/ > > > >-- > >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>