Most thorough, thanks!
--- On Thu, 1/1/09, Konstantin Kolinko <[email protected]> wrote: > From: Konstantin Kolinko <[email protected]> > Subject: Re: How can the login page see parameters in the original request? > To: "Tomcat Users List" <[email protected]> > Date: Thursday, January 1, 2009, 3:53 PM > 2009/1/1 <[email protected]>: > > Do you mean set session attributes? How do you do > that from the client side? > > > > > > a) You can set them in another page (an unprotected one) > that is > accessed before, > or that redirects to this one. > > b) You can pass your secrets as a cookie, or as a request > header. Cookies > can be created on the client side. > > c) You can use RemoteAddrValve and block those clients that > should not > know about your service. > > d) You can throw away all the security constraints from > web.xml and use > alternative approaches, e.g. those that implement a Filter, > e.g. > > securityfilter ([1]), that is ofter mentioned on this list > and should be easy > to adopt, or some others > > [1] http://securityfilter.sourceforge.net/ > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: > [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
