-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John,
John Caron wrote: > Instead of declaring which URLs need to be secure in web.xml, I would > like to determine this when the URL comes in, but then use Tomcat to > deal with the authentication if it is needed. Can anyone give me any > pointers on where to get started with that? There's no standard way to do this. Your options are basically to either hack around with Tomcat's authentication and authorization code (which I don't recommend), implementing your own authentication and authorization scheme (or perhaps just the authorization scheme using something like a Valve or, better yet, a Filter), or piggyback on an existing project like securityfilter (http://securityfilter.sourceforge.net). I think that the third option will get you further faster. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFrwl79CaO5/Lv0PARAq1JAJ9eEbHMO1sejY3BizqHXEv/na339ACglZiV VLNVH1GgzwUcE6d9A5r4X94= =4O/I -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
