Custom tag? That's how I do about 50% of my security. --mikej -=----- mike jackson [EMAIL PROTECTED]
> -----Original Message----- > From: Doug Redd [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 06, 2003 3:09 PM > To: Tomcat Users List > Subject: Pre-authorize a link? > > > Is there any way to make a call such as "authorize(user, resource)" that > returns a boolean to indicate if the user is authorized? I am looking > for a way to programmatically either include or exclude a link on a page > depending on whether the authenticated user is authorized to access the > link's destination. > > I have a JNDI realm configured and the relevant <security-constraint> > entries and they work great when going to the page directly. However, > in the page that references the protected page I only want to display > the link if the user is authorized to view it, so that they won't get > the "403 - Access to the requested resource has been denied" error if > they click on it. > > Does anyone have any ideas on how to do this in Tomcat 4.*? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
