Maurice, Maurice Yarrow wrote: > So what I would like to know how to do is how to programmatically > bypass web.xml-based authorization and impose this authorization > on a access-case-by-case but take advantage of applying > the induced security contraint to any URL pattern desired (Chuck's > wording) ?
IIRC, web.xml-based authentication is pretty much all-or-nothing. You can protect /some/ pages using that mechanism (say, those that allow your users to administer their own galleries), and then leave the browsing capabilities "completely open" according to web.xml, but then use your own servlet(s) to impose further restrictions. -chris
signature.asc
Description: OpenPGP digital signature
