--- John Caron <[EMAIL PROTECTED]> wrote:
> I guess im fishing around for anyone who has thought
> about or
> implemented "programmatic security" instead of / in
> addition to
> "container managed security".
>
> Thanks for your time.
>
Jo
ven when
I "already know" some of the details.
I guess im fishing around for anyone who has thought about or
implemented "programmatic security" instead of / in addition to
"container managed security".
Thanks for your time.
---
On Wednesday 28 June 2006 14:05, John Caron wrote:
> I assume I need to get a session established, so that the authorization
> need only be done once. It would also be nice if I recieve a
> unauthorized request, that I could pass it to Tomcat's 401 challenge and
> authentication mechanism. Howev
ess constraints on a per-dataset basis. This more or less rules out having Tomcat controlling access through the URL pattern. So I think I need "Programmatic Security".
When a request comes in, I can quickly determine what access constraint (if any) is needed. I was planning on using the
he sender immediately by telephone or email and destroy the original
> message without making a copy. Thank you.
>
> - Original Message - From: "John Caron" <[EMAIL PROTECTED]>
> To: "Tomcat Users List"
> Sent: Tuesday, June 27, 2006 9:01 PM
Caron" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Tuesday, June 27, 2006 9:01 PM
Subject: Programmatic Security
I need to implement fine-grained security access, so it looks to me like
"Programmatic Security" (Servlet spec 12.3) is called for. I want to
rec
I need to implement fine-grained security access, so it looks to me like
"Programmatic Security" (Servlet spec 12.3) is called for. I want to recieve
the request in my servlet, then decide what access rights are needed for it.
In this case, if I understand correctly, the "user
