Most thorough, thanks!
--- On Thu, 1/1/09, Konstantin Kolinko <knst.koli...@gmail.com> wrote: > From: Konstantin Kolinko <knst.koli...@gmail.com> > Subject: Re: How can the login page see parameters in the original request? > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Thursday, January 1, 2009, 3:53 PM > 2009/1/1 <removeps-gro...@yahoo.com>: > > Do you mean set session attributes? How do you do > that from the client side? > > > > > > a) You can set them in another page (an unprotected one) > that is > accessed before, > or that redirects to this one. > > b) You can pass your secrets as a cookie, or as a request > header. Cookies > can be created on the client side. > > c) You can use RemoteAddrValve and block those clients that > should not > know about your service. > > d) You can throw away all the security constraints from > web.xml and use > alternative approaches, e.g. those that implement a Filter, > e.g. > > securityfilter ([1]), that is ofter mentioned on this list > and should be easy > to adopt, or some others > > [1] http://securityfilter.sourceforge.net/ > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
