Re: Configuring Security URLs (realm)

afterz Fri, 13 Dec 2002 03:42:26 -0800

OK! ;)
Thanks everybody, I will look for alternatives. But I will
 probably add a feature of resource(URI) with the user and
 passwd. Then use filter to complement the authorization.


On Fri, 13 Dec 2002 01:55:56 -0800
"Bill Barker" <[EMAIL PROTECTED]> wrote:
>Probably easier is to just check the condition in your
> Servlet and/or
>Filter:
>  String st = (String)request.getParameter("STATE");
>  if( st == null) {
>     response.sendError( 401, "No State");
>     return;
>  }
>  int state=-1;
>  try {
>     state = Integer.parseInt(st);
>  } catch(NumberFormatExecption nfe) {
>     response.sendError(401, "Not Authenticated");
>     return;
> }
> if( !validState(state) ) { // your code to validate the
> STATE param.
>   response.sendError(403, "Hackers not welcome");
>   return;
> }
> // Your code here.
>
>"Jeanfrancois Arcand" <[EMAIL PROTECTED]> wrote in
> message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> No. You cannot (it's against the Servlet spec). If you
> realy needs it,
>> you can download Tomcat code and customizes
>> o.a.c.authenticator.AuthenticatorBase.invoke in Tomcat
> 4, and
>> o.a.c.realm.RealmBase.hasResourcePermission in Tomcat 5.
>>
>> -- Jeanfrancois
>>
>> [EMAIL PROTECTED] wrote:
>>
>> >Hi,
>> >I want to know if there is a way to manage
> authorization to
>> > URL + Parameters.
>> >I am using servlets and states to identify the action
> in my
>> > programs, so this is very important.
>> >
>> >For now I am using this XML:
>> >
>> ><security-constraint>
>> >  <web-resource-collection>
>> >    <web-resource-name>Sample
> Airlines</web-resource-name>
>> >
>
    <url-pattern>/servlet/examples.reservaVoos.Servlet</url-pattern>
>> >  </web-resource-collection>
>> >  <auth-constraint>
>> >    <role-name>manager</role-name>
>> >  </auth-constraint>
>> ></security-constraint>
>> >
>> >I need something like:
>> >  ...
>> >
><url-pattern>/servlet/examples.reservaVoos.Servlet?STATE=0</url-pattern>
>> >  ...
>> >
>> >Is there a way to do that???
>> >Thanks.
>> >________________________________________________
>> >Don't E-Mail, ZipMail! http://www.zipmail.com/
>> >
>> >--
>> >To unsubscribe, e-mail:
><mailto:[EMAIL PROTECTED]>
>> >For additional commands, e-mail:
><mailto:[EMAIL PROTECTED]>
>> >
>> >
>> >
>> >
>
>
>
>
>
>--
>To unsubscribe, e-mail:
>   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>

________________________________________________
Don't E-Mail, ZipMail! http://www.zipmail.com/

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Configuring Security URLs (realm)

Reply via email to