MOHAN RADHAKRISHNAN wrote:
I am sending this once more. Sorry if you have already seen this.
Mohan
-----Original Message----- From: MOHAN RADHAKRISHNAN [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 9:04 PM To: [EMAIL PROTECTED] Subject: override isUserInRole
Hi I am looking for ways to bypass CMA in one case which requires an anonymous user to view some data.
1. I am trying to use
public class RequestWrapper extends HttpServletRequestWrapper{
private HttpServletRequest request;
public RequestWrapper( HttpServletRequest req ){ super( req ); }
public boolean isUserInRole( String role ){ return true; } }
I know that this is one approach. How would this work if I were using a servlet filter ? I'd like to know how to use this to fool CMA.
2. The other approach is to use multiple security constraints in web.xml
I have a problem again.
How can I use URL pattern matching for /switch.do?prefix=/x&page=/x.do ? I am using modules.
I want to move it into a separate security constraint section without roles.
Appreciate help. Is what I am trying to do feasible ?
Mohan
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
