Chris, Chuck

(Yeah, uh, pretty much what you are saying below, Chris)

Yes, I looked at the how-to for realm-based authentication
and also several of the org.apache.catalina.realm.*, and in
particular at the org.apache.catalina.realm.JDBCRealm APIs.

The realm authentication and authorization mechanism can
be adapted for my purposes but only up to a point.  For example,
I can treat galleries as if they were users, and then associate
a role (private, pub, passwd) and a password or null password,
depending.  The JDBCRealm could be used to constantly update
the associated permissions for galleries, as required, etc.

BUT:  the finest granularity for what can be accessed in this
mechanism is by servlet, not by the path info (getPathInfo())
of the URI.  (Remember, realm-based authentication allows access
control based on the enclosing Engine, Host, Context, or Wrapper,
a Wrapper being a servlet.)
So, for my purpose, this is not satisfactory, and would still
require at least the second half of the mechanism I have
already built for specifying what can be accessed and where
and how access must be prevented, when that is required.

Nevertheless, I appreciate you gentlemen having pointed
me to this possibility.  It was enlightening.

Maurice Yarrow


Christopher Schultz wrote:

Maurice,

Maurice Yarrow wrote:
So what I would like to know how to do is how to programmatically
bypass web.xml-based authorization and impose this authorization
on an access-case-by-case but take advantage of applying
the induced security constraint to any URL pattern desired (Chuck's
wording)?

IIRC, web.xml-based authentication is pretty much all-or-nothing. You
can protect /some/ pages using that mechanism (say, those that allow
your users to administer their own galleries), and then leave the
browsing capabilities "completely open" according to web.xml, but then
use your own servlet(s) to impose further restrictions.

-chris





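One way to get the per-path-info granularity discussed in this thread, as an added example that is not part of either poster's message or of Tomcat's own code: a servlet filter in front of a gallery servlet assumed to be mapped to /gallery/*, with that URL pattern left open in web.xml. The class name, the gallery names and the session attribute names are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: per-gallery access control keyed on getPathInfo().
public class GalleryAccessFilter implements Filter {
    enum Mode { PUB, PASSWD, PRIVATE }
    // Hypothetical in-memory policy; in practice loaded from the gallery database.
    private final Map<String, Mode> policy = new ConcurrentHashMap<>();

    public void init(FilterConfig cfg) {
        policy.put("holiday", Mode.PUB);      // constructed sample galleries
        policy.put("family", Mode.PASSWD);
        policy.put("drafts", Mode.PRIVATE);
    }

    // First segment of the path info names the gallery: /family/img1.jpg -> family
    static String galleryOf(String pathInfo) {
        if (pathInfo == null || pathInfo.length() < 2) return null;
        int end = pathInfo.indexOf('/', 1);
        return end < 0 ? pathInfo.substring(1) : pathInfo.substring(1, end);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String gallery = galleryOf(req.getPathInfo());
        Mode mode = (gallery == null) ? null : policy.get(gallery);
        if (mode == null) {                   // unknown gallery: deny by default
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
        } else if (mode == Mode.PUB || isGranted(req.getSession(false), gallery, mode)) {
            chain.doFilter(rq, rs);
        } else {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Hypothetical session attributes, set by the application's own password and login pages.
    private static boolean isGranted(HttpSession s, String gallery, Mode mode) {
        if (s == null) return false;
        Object granted = s.getAttribute(mode == Mode.PASSWD ? "unlockedGalleries" : "ownedGalleries");
        return granted instanceof Set && ((Set<?>) granted).contains(gallery);
    }
    public void destroy() { }
}
```

Pages that let owners administer their galleries can stay behind a web.xml security constraint, as suggested in the quoted reply, while this filter decides browsing access per gallery.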