73 messages in org.apache.tomcat.usersRE: Authentication and Filters| From | Sent On | Attachments |
|---|---|---|
| Kevin Wilson | Jan 7, 2003 8:47 am | |
| Jason Pyeron | Jan 7, 2003 9:08 am | |
| Turner, John | Jan 7, 2003 9:14 am | |
| Jason Pyeron | Jan 7, 2003 9:26 am | |
| Kevin Wilson | Jan 7, 2003 9:33 am | |
| Jason Pyeron | Jan 7, 2003 9:41 am | |
| Turner, John | Jan 7, 2003 10:00 am | |
| Rasputin | Jan 7, 2003 10:55 am | |
| Jason Pyeron | Jan 7, 2003 12:40 pm | |
| Jason Pyeron | Jan 7, 2003 12:47 pm | |
| Turner, John | Jan 7, 2003 12:58 pm | |
| neal | Jan 8, 2003 1:50 am | |
| Turner, John | Jan 8, 2003 7:15 am | |
| neal | Jan 8, 2003 12:54 pm | |
| neal | Jan 8, 2003 12:55 pm | |
| Turner, John | Jan 8, 2003 1:03 pm | |
| neal | Jan 8, 2003 1:34 pm | |
| Gary Gwin | Jan 8, 2003 2:34 pm | |
| neal | Jan 8, 2003 2:46 pm | |
| Turner, John | Jan 8, 2003 3:24 pm | |
| neal | Jan 8, 2003 3:44 pm | |
| Turner, John | Jan 8, 2003 3:51 pm | |
| neal | Jan 8, 2003 3:55 pm | |
| Turner, John | Jan 8, 2003 5:33 pm | |
| Craig R. McClanahan | Jan 8, 2003 6:06 pm | |
| neal | Jan 8, 2003 6:28 pm | |
| Noel J. Bergman | Jan 8, 2003 6:33 pm | |
| Turner, John | Jan 8, 2003 7:19 pm | |
| Turner, John | Jan 8, 2003 7:26 pm | |
| Craig R. McClanahan | Jan 8, 2003 7:35 pm | |
| neal | Jan 8, 2003 11:06 pm | |
| neal | Jan 8, 2003 11:11 pm | |
| neal | Jan 8, 2003 11:17 pm | |
| neal | Jan 8, 2003 11:21 pm | |
| Craig R. McClanahan | Jan 8, 2003 11:23 pm | |
| neal | Jan 8, 2003 11:37 pm | |
| Craig R. McClanahan | Jan 8, 2003 11:51 pm | |
| neal | Jan 9, 2003 12:03 am | |
| Noel J. Bergman | Jan 9, 2003 12:08 am | |
| Turner, John | Jan 9, 2003 2:31 am | |
| Ralph Einfeldt | Jan 9, 2003 2:41 am | |
| neal | Jan 9, 2003 3:51 am | |
| neal | Jan 9, 2003 3:53 am | |
| Turner, John | Jan 9, 2003 5:22 am | |
| Turner, John | Jan 9, 2003 5:33 am | |
| Craig R. McClanahan | Jan 9, 2003 10:01 am | |
| neal | Jan 9, 2003 10:02 am | |
| Turner, John | Jan 9, 2003 11:16 am | |
| neal | Jan 9, 2003 11:25 am | |
| Noel J. Bergman | Jan 9, 2003 11:43 am | |
| neal | Jan 9, 2003 11:47 am | |
| Turner, John | Jan 9, 2003 12:09 pm | |
| Turner, John | Jan 9, 2003 12:11 pm | |
| Noel J. Bergman | Jan 9, 2003 12:33 pm | |
| neal | Jan 9, 2003 1:41 pm | |
| Turner, John | Jan 9, 2003 1:45 pm | |
| Jon Eaves | Jan 9, 2003 2:58 pm | |
| neal | Jan 9, 2003 4:04 pm | |
| Jeffrey Winter | Jan 9, 2003 4:25 pm | |
| Craig R. McClanahan | Jan 9, 2003 5:43 pm | |
| Jeffrey Winter | Jan 9, 2003 6:10 pm | |
| Jeffrey Winter | Jan 9, 2003 6:11 pm | |
| Tim Funk | Jan 9, 2003 6:14 pm | |
| Craig R. McClanahan | Jan 9, 2003 7:08 pm | |
| Craig R. McClanahan | Jan 9, 2003 7:11 pm | |
| Tim Funk | Jan 10, 2003 4:29 am | |
| Jacob Hookom | Jan 10, 2003 6:36 am | |
| Cox, Charlie | Jan 10, 2003 6:47 am | |
| Tim Funk | Jan 10, 2003 6:52 am | |
| AAron nAAs | Jan 10, 2003 7:03 am | |
| Jacob Hookom | Jan 10, 2003 7:06 am | |
| Craig R. McClanahan | Jan 10, 2003 3:53 pm | |
| neal | Jan 19, 2003 10:10 pm |
| Subject: | RE: Authentication and Filters | |
|---|---|---|
| From: | Cox, Charlie (cc...@cincom.com) | |
| Date: | Jan 10, 2003 6:47:37 am | |
| List: | org.apache.tomcat.users | |
it currently does not allow this. Apparently this ability will be added to the servlet spec 2.4 which would then be implemented in tomcat 5.x
Charlie
-----Original Message----- From: Jacob Hookom [mailto:hook...@uwec.edu] Sent: Friday, January 10, 2003 9:37 AM To: 'Tomcat Users List' Subject: RE: Authentication and Filters
Authentication aside, does the servlet container work such that an include or RD operation has the option of passing through the filter? If so, as of which release?
Best Regards, Jacob
| -----Original Message----- | From: Tim Funk [mailto:funk...@joedog.org] | Sent: Friday, January 10, 2003 6:30 AM | To: Tomcat Users List | Subject: Re: Authentication and Filters | | I meant 2.5 since changes to 2.4 are closed from my position in the dev | community. | | My point is only the incoming request is protected by the security | constraint in web.xml. It may be nice to allow the programmer to also | check future dispatches for authorization before the dispatch occurs. | | RequestDispatcher.isAuthorized() was to allow an admin to define | additional security contraints in web.xml without writing code. This | also requires the cooperation of the developer of a webapp to check for | this condition too. | | Sorry for starting to take this off-topic. | | -Tim | | Craig R. McClanahan wrote: | > | > On Thu, 9 Jan 2003, Tim Funk wrote: | > | > | >>Date: Thu, 09 Jan 2003 21:15:12 -0500 | >>From: Tim Funk <funk...@joedog.org> | >>Reply-To: Tomcat Users List <tomc...@jakarta.apache.org> | >>To: Tomcat Users List <tomc...@jakarta.apache.org> | >>Subject: Re: Authentication and Filters | >> | >>Is there a chance (or worthwhile) that in Servlet API 2.5 a developer | >>could check if an obtained RequestDispatcher would violate a security | >>constraint in web.xml? | >> | > | > | > I assume you mean Servlet 2.4, right? | > | > | >>For example the following new method: | >>RequestDispatcher.isAuthorized() | >>Returns true if the RequestDispatcher's url passes the constraints | >>defined in web.xml | > | > | > This does not seem likely to me. Nor does it seem necessary. After | all, | > your application has available everything it needs to know (through | calls | > like request.getUserPrincipal() and request.isUserInRole()) to make this | > decision for itself. If the app chooses to forward, the container is | > going to assume that it knows what it is doing. | > | > Now that you can declare a Filter to be imposed on RD calls in Servlet | > 2.4, that might be a good place to implement a check like this. | > | > | >>-Tim | >> | > | > | > Craig | > | | | -- | To unsubscribe, e-mail: <mailto:tomcat-user- | unsu...@jakarta.apache.org> | For additional commands, e-mail: <mailto:tomcat-user- | he...@jakarta.apache.org>
-- To unsubscribe, e-mail:
<mailto:tomc...@jakarta.apache.org> For additional commands, e-mail: <mailto:tomc...@jakarta.apache.org>