> > In your code, you would examine the Principal & see if it had permission > to proceed. Then return the resource or an error, accordingly. >
On my way , I would put "your code that examine the Principal & see if it had permission " into a custom realm class. This custom realm can check only user authorization , no role This way, you avoid to have to implement a redirection manually --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
