2009/1/1 <removeps-gro...@yahoo.com>: > Do you mean set session attributes? How do you do that from the client side? > >
a) You can set them in another page (an unprotected one) that is accessed before, or that redirects to this one. b) You can pass your secrets as a cookie, or as a request header. Cookies can be created on the client side. c) You can use RemoteAddrValve and block those clients that should not know about your service. d) You can throw away all the security constraints from web.xml and use alternative approaches, e.g. those that implement a Filter, e.g. securityfilter ([1]), that is ofter mentioned on this list and should be easy to adopt, or some others [1] http://securityfilter.sourceforge.net/ Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
