Andrew Stevens wrote:
Another possibility - you could always use the J2EE container-provided
security and add a security-constraint to your web.xml for
<url-pattern>/buildindex</url-pattern>. That might be simpler than
learning the authentication framework or acegi if don't need to
authenticate users in the rest of your site.
Hi Andrew,
what do you mean by "if [you] don't need to authenticate ..."?
The remoteUser property is set in the HttpRequest if a user is
authenticated and can e.g. be used for authorization (apart from the
configurational authorization you have already mentioned). Depending on
the security modul employed, additional informations are "shipped" with
each HttpRequest or set in the session.
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
