Messages per Month
73 messages in org.apache.tomcat.usersRe: Authentication and Filters| From | Sent On | Attachments |
|---|---|---|
| Kevin Wilson | Jan 7, 2003 8:47 am | |
| Jason Pyeron | Jan 7, 2003 9:08 am | |
| Turner, John | Jan 7, 2003 9:14 am | |
| Jason Pyeron | Jan 7, 2003 9:26 am | |
| Kevin Wilson | Jan 7, 2003 9:33 am | |
| Jason Pyeron | Jan 7, 2003 9:41 am | |
| Turner, John | Jan 7, 2003 10:00 am | |
| Rasputin | Jan 7, 2003 10:55 am | |
| Jason Pyeron | Jan 7, 2003 12:40 pm | |
| Jason Pyeron | Jan 7, 2003 12:47 pm | |
| Turner, John | Jan 7, 2003 12:58 pm | |
| neal | Jan 8, 2003 1:50 am | |
| Turner, John | Jan 8, 2003 7:15 am | |
| neal | Jan 8, 2003 12:54 pm | |
| neal | Jan 8, 2003 12:55 pm | |
| Turner, John | Jan 8, 2003 1:03 pm | |
| neal | Jan 8, 2003 1:34 pm | |
| Gary Gwin | Jan 8, 2003 2:34 pm | |
| neal | Jan 8, 2003 2:46 pm | |
| Turner, John | Jan 8, 2003 3:24 pm | |
| neal | Jan 8, 2003 3:44 pm | |
| Turner, John | Jan 8, 2003 3:51 pm | |
| neal | Jan 8, 2003 3:55 pm | |
| Turner, John | Jan 8, 2003 5:33 pm | |
| Craig R. McClanahan | Jan 8, 2003 6:06 pm | |
| neal | Jan 8, 2003 6:28 pm | |
| Noel J. Bergman | Jan 8, 2003 6:33 pm | |
| Turner, John | Jan 8, 2003 7:19 pm | |
| Turner, John | Jan 8, 2003 7:26 pm | |
| Craig R. McClanahan | Jan 8, 2003 7:35 pm | |
| neal | Jan 8, 2003 11:06 pm | |
| neal | Jan 8, 2003 11:11 pm | |
| neal | Jan 8, 2003 11:17 pm | |
| neal | Jan 8, 2003 11:21 pm | |
| Craig R. McClanahan | Jan 8, 2003 11:23 pm | |
| neal | Jan 8, 2003 11:37 pm | |
| Craig R. McClanahan | Jan 8, 2003 11:51 pm | |
| neal | Jan 9, 2003 12:03 am | |
| Noel J. Bergman | Jan 9, 2003 12:08 am | |
| Turner, John | Jan 9, 2003 2:31 am | |
| Ralph Einfeldt | Jan 9, 2003 2:41 am | |
| neal | Jan 9, 2003 3:51 am | |
| neal | Jan 9, 2003 3:53 am | |
| Turner, John | Jan 9, 2003 5:22 am | |
| Turner, John | Jan 9, 2003 5:33 am | |
| Craig R. McClanahan | Jan 9, 2003 10:01 am | |
| neal | Jan 9, 2003 10:02 am | |
| Turner, John | Jan 9, 2003 11:16 am | |
| neal | Jan 9, 2003 11:25 am | |
| Noel J. Bergman | Jan 9, 2003 11:43 am | |
| neal | Jan 9, 2003 11:47 am | |
| Turner, John | Jan 9, 2003 12:09 pm | |
| Turner, John | Jan 9, 2003 12:11 pm | |
| Noel J. Bergman | Jan 9, 2003 12:33 pm | |
| neal | Jan 9, 2003 1:41 pm | |
| Turner, John | Jan 9, 2003 1:45 pm | |
| Jon Eaves | Jan 9, 2003 2:58 pm | |
| neal | Jan 9, 2003 4:04 pm | |
| Jeffrey Winter | Jan 9, 2003 4:25 pm | |
| Craig R. McClanahan | Jan 9, 2003 5:43 pm | |
| Jeffrey Winter | Jan 9, 2003 6:10 pm | |
| Jeffrey Winter | Jan 9, 2003 6:11 pm | |
| Tim Funk | Jan 9, 2003 6:14 pm | |
| Craig R. McClanahan | Jan 9, 2003 7:08 pm | |
| Craig R. McClanahan | Jan 9, 2003 7:11 pm | |
| Tim Funk | Jan 10, 2003 4:29 am | |
| Jacob Hookom | Jan 10, 2003 6:36 am | |
| Cox, Charlie | Jan 10, 2003 6:47 am | |
| Tim Funk | Jan 10, 2003 6:52 am | |
| AAron nAAs | Jan 10, 2003 7:03 am | |
| Jacob Hookom | Jan 10, 2003 7:06 am | |
| Craig R. McClanahan | Jan 10, 2003 3:53 pm | |
| neal | Jan 19, 2003 10:10 pm |
| Subject: | Re: Authentication and Filters | |
|---|---|---|
| From: | Jeffrey Winter (jeff...@attbi.com) | |
| Date: | Jan 9, 2003 6:10:07 pm | |
| List: | org.apache.tomcat.users | |
A key rule to remember is that security constraints are applied *only* on the original URL requested by the client -- not on RequestDispatcher calls. I would bet you probably have "/resource/*" protected, but you'll likely want to protect "/user/*" as well.
Thanks, this is a great help. You're right, for /user/*, GET requires authentication, but POST doesn't which looks to be why it was working as I had outlined it.
But actually, given the nature of how I need to authenticate my resources, it seems that I would be better off in this particular circumstance to use Apache's mod_rewrite to setup the urls which would eliminate the RequestDispatcher altogether.