Hi
I am looking for ways to bypass CMA in one case which requires an
anonymous user to view some data.
1. I am trying to use
public class RequestWrapper extends HttpServletRequestWrapper{
private HttpServletRequest request;
public RequestWrapper( HttpServletRequest req ){
super( req );
}
public boolean isUserInRole( String role ){
return true;
}
}
I know that this is one approach. How would this work if I were using a
servlet filter ? I'd like to know how to use this to fool CMA.
2. The other approach is to use multiple security constraints in web.xml
I have a problem again.
How can I use URL pattern matching for /switch.do?prefix=/x&page=/x.do ?
I am using modules.
I want to move it into a separate security constraint section without
roles.
Appreciate help. Is what I am trying to do feasible ?
Mohan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
