On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan <alecs...@gmail.com> wrote: > Hassan, I don't think that the goals are contradictory, because each goal > applies to its own group of users: our customer users and everybody else. > Customer users should not have to enter user name and password, but > everybody else should.
IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have "a customer who would like to put a link on a web page" to your servlet, that servlet's URL is now "in the wild" -- anyone who finds it can access it. > I am glad that you made me think about this, because maybe it is possible to > extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder ------------------------ hassan.schroe...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
