André,

On 12/10/2009 6:26 PM, André Warnier wrote:
> Christopher Schultz wrote:
>>
>> securityfilter (http://securityfilter.sourceforge.net) can be tricked
>> into doing this. Although the standard operating procedure is to map sf
>> to all URLs (i.e. <url-pattern>/*</url-pattern>), one can choose to map
>> it to different patterns and deploy it /twice/:
>>
>> <filter>
>>   <filter-name>Security Filter BASIC</filter-name>
>>   <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
>>   <init-param>
>>     <param-name>config</param-name>
>>     <param-value>/WEB-INF/securityfilter-basic.xml</param-value>
>>   </init-param>
>> </filter>
>>
>> <filter>
>>   <filter-name>Security Filter FORM</filter-name>
>>   <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
>>   <init-param>
>>     <param-name>config</param-name>
>>     <param-value>/WEB-INF/securityfilter-form.xml</param-value>
>>   </init-param>
>> </filter>
>>
>> ...
>
> I did not know that securityfilter handled both Basic and Form
> authentication. Is that recent?

Nope, sf has handled both of those for a long time. In fact, they are
the only types of authentication it /does/ handle (i.e. no CLIENT-CERT,
DIGEST). The cvs logs show that BASIC was added in early 2003, which was
only shortly after the project was launched.

-chris
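An added example, not part of the original message: when SecurityFilter is deployed twice on different patterns instead of on `/*`, any path that neither mapping covers is served with no SecurityFilter at all. The sketch below checks a web.xml for such gaps; the `<filter-mapping>` patterns and test paths are hypothetical, and it assumes a web.xml without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: filter names and class are from the message above;
# the <filter-mapping> URL patterns are hypothetical.
WEB_XML = """<web-app>
  <filter>
    <filter-name>Security Filter BASIC</filter-name>
    <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
  </filter>
  <filter>
    <filter-name>Security Filter FORM</filter-name>
    <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Security Filter BASIC</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>Security Filter FORM</filter-name>
    <url-pattern>/app/*</url-pattern>
  </filter-mapping>
</web-app>"""
SF_CLASS = "org.securityfilter.filter.SecurityFilter"

def pattern_matches(pattern, path):
    """Servlet-style url-pattern matching: /prefix/*, *.ext, or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def filters_for(web_xml, path):
    """Return the SecurityFilter instances whose mapping covers path."""
    root = ET.fromstring(web_xml)
    sf_names = {f.findtext("filter-name").strip() for f in root.iter("filter")
                if f.findtext("filter-class", "").strip() == SF_CLASS}
    hits = []
    for m in root.iter("filter-mapping"):
        name = m.findtext("filter-name").strip()
        if name in sf_names and any(pattern_matches(p.text.strip(), path)
                                    for p in m.findall("url-pattern")):
            hits.append(name)
    return hits

for path in ("/api/orders", "/app/home", "/admin/users"):  # constructed paths
    print(path, "->", filters_for(WEB_XML, path) or "NOT COVERED")
```
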