-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
On 3/4/2009 11:23 AM, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Subject: Re: security-constraint in conf/web.xml >> >> sf is expected to be used from within a web application, so >> it has to be deployed along with the webapp. So, the WAR file >> would have to be modified in this case. > > Sorry, I was under the impression that one could place the security config > outside of the webapp when using SecurityFilter; is that not the case? No, securityfilter is implemented as a javax.servlet.Filter, so it's got to be applied to the application itself. I suppose you could add its definition to conf/web.xml but then the OP would be in the same predicament: all web applications would go through the filter. It's unclear to me where the configuration file for sf would go at that point... since it expects to load it from the "starting" webapp. Perhaps each web application would load its own? I dunno. Our next version of sf should be Valve-able, which might open up other opportunities. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmuw3QACgkQ9CaO5/Lv0PCz6QCdHx/OEm6fAjxGU4dGoWxyk7VA /A4AoKN+DxIrKgsctjsIZBA8qXfz9pst =1Nv/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
