Well, I don't know about this , but What is the "URLRewrite" filter ? A Servlet filter ?
You can try to write a Valve and test if it works. I think it's processed before calling container code. Maybe ... Or to configure a proxy web to rewrite . I did't make this before, but I know it's possible. If I find some info about this, I send it to you Bye 2011/12/21 Jerry Malcolm <2ndgenfi...@gmail.com>: > I structure my webapps with different JSP folders for different user role > access, and define the folder patterns in web.xml for each role access. > This has worked for many years in my webapps. But in the interest of > getting cleaner URLs, I've written a URLRewrite filter. The rewrite filter > is correctly rewriting the URLs and forwarding the requests. But I just > noticed something I hadn't counted on. The security constraints no longer > apply to the call to the rewritten URLs from the filter. In other words, > JSPs in /jsp/admin folder are configured to require "admin" role. But I > can call a JSP from inside the filter to /jsp/admin/myadmintask.jsp and no > security challenge occurs. > > I guess this makes sense to me. I just wasn't expecting it. I assume that > the security constraint now applies to the pattern that come INTO the > filter. So instead of constraining /jsp/myadmintask/*.jsp in web.xml, I > now need to constrain the inbound url "/doadmin". Is that correct? > > I just need some education here. Is it correct that should map all of the > URL patterns that come INTO the rewrite filter? Alternatively, is there > some way for me to do the requestdispatcher.forward call from the filter, > and tell it to honor security constraints on the folder structure like it > worked prior to adding the rewrite function? > > Thanks. > > Jerry --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
