Re: Authentication and Filters - Craig R. McClanahan - org.apache.tomcat.users

73 messages in org.apache.tomcat.usersRe: Authentication and Filters

From	Sent On	Attachments
Kevin Wilson	Jan 7, 2003 8:47 am
Jason Pyeron	Jan 7, 2003 9:08 am
Turner, John	Jan 7, 2003 9:14 am
Jason Pyeron	Jan 7, 2003 9:26 am
Kevin Wilson	Jan 7, 2003 9:33 am
Jason Pyeron	Jan 7, 2003 9:41 am
Turner, John	Jan 7, 2003 10:00 am
Rasputin	Jan 7, 2003 10:55 am
Jason Pyeron	Jan 7, 2003 12:40 pm
Jason Pyeron	Jan 7, 2003 12:47 pm
Turner, John	Jan 7, 2003 12:58 pm
neal	Jan 8, 2003 1:50 am
Turner, John	Jan 8, 2003 7:15 am
neal	Jan 8, 2003 12:54 pm
neal	Jan 8, 2003 12:55 pm
Turner, John	Jan 8, 2003 1:03 pm
neal	Jan 8, 2003 1:34 pm
Gary Gwin	Jan 8, 2003 2:34 pm
neal	Jan 8, 2003 2:46 pm
Turner, John	Jan 8, 2003 3:24 pm
neal	Jan 8, 2003 3:44 pm
Turner, John	Jan 8, 2003 3:51 pm
neal	Jan 8, 2003 3:55 pm
Turner, John	Jan 8, 2003 5:33 pm
Craig R. McClanahan	Jan 8, 2003 6:06 pm
neal	Jan 8, 2003 6:28 pm
Noel J. Bergman	Jan 8, 2003 6:33 pm
Turner, John	Jan 8, 2003 7:19 pm
Turner, John	Jan 8, 2003 7:26 pm
Craig R. McClanahan	Jan 8, 2003 7:35 pm
neal	Jan 8, 2003 11:06 pm
neal	Jan 8, 2003 11:11 pm
neal	Jan 8, 2003 11:17 pm
neal	Jan 8, 2003 11:21 pm
Craig R. McClanahan	Jan 8, 2003 11:23 pm
neal	Jan 8, 2003 11:37 pm
Craig R. McClanahan	Jan 8, 2003 11:51 pm
neal	Jan 9, 2003 12:03 am
Noel J. Bergman	Jan 9, 2003 12:08 am
Turner, John	Jan 9, 2003 2:31 am
Ralph Einfeldt	Jan 9, 2003 2:41 am
neal	Jan 9, 2003 3:51 am
neal	Jan 9, 2003 3:53 am
Turner, John	Jan 9, 2003 5:22 am
Turner, John	Jan 9, 2003 5:33 am
Craig R. McClanahan	Jan 9, 2003 10:01 am
neal	Jan 9, 2003 10:02 am
Turner, John	Jan 9, 2003 11:16 am
neal	Jan 9, 2003 11:25 am
Noel J. Bergman	Jan 9, 2003 11:43 am
neal	Jan 9, 2003 11:47 am
Turner, John	Jan 9, 2003 12:09 pm
Turner, John	Jan 9, 2003 12:11 pm
Noel J. Bergman	Jan 9, 2003 12:33 pm
neal	Jan 9, 2003 1:41 pm
Turner, John	Jan 9, 2003 1:45 pm
Jon Eaves	Jan 9, 2003 2:58 pm
neal	Jan 9, 2003 4:04 pm
Jeffrey Winter	Jan 9, 2003 4:25 pm
Craig R. McClanahan	Jan 9, 2003 5:43 pm
Jeffrey Winter	Jan 9, 2003 6:10 pm
Jeffrey Winter	Jan 9, 2003 6:11 pm
Tim Funk	Jan 9, 2003 6:14 pm
Craig R. McClanahan	Jan 9, 2003 7:08 pm
Craig R. McClanahan	Jan 9, 2003 7:11 pm
Tim Funk	Jan 10, 2003 4:29 am
Jacob Hookom	Jan 10, 2003 6:36 am
Cox, Charlie	Jan 10, 2003 6:47 am
Tim Funk	Jan 10, 2003 6:52 am
AAron nAAs	Jan 10, 2003 7:03 am
Jacob Hookom	Jan 10, 2003 7:06 am
Craig R. McClanahan	Jan 10, 2003 3:53 pm
neal	Jan 19, 2003 10:10 pm

Subject:	Re: Authentication and Filters
From:	Craig R. McClanahan (crai...@apache.org)
Date:	Jan 9, 2003 7:11:33 pm
List:	org.apache.tomcat.users

On Thu, 9 Jan 2003, Tim Funk wrote:

Date: Thu, 09 Jan 2003 21:15:12 -0500 From: Tim Funk <funk...@joedog.org> Reply-To: Tomcat Users List <tomc...@jakarta.apache.org> To: Tomcat Users List <tomc...@jakarta.apache.org> Subject: Re: Authentication and Filters

Is there a chance (or worthwhile) that in Servlet API 2.5 a developer could check if an obtained RequestDispatcher would violate a security constraint in web.xml?

I assume you mean Servlet 2.4, right?

For example the following new method: RequestDispatcher.isAuthorized() Returns true if the RequestDispatcher's url passes the constraints defined in web.xml

This does not seem likely to me. Nor does it seem necessary. After all, your application has available everything it needs to know (through calls like request.getUserPrincipal() and request.isUserInRole()) to make this decision for itself. If the app chooses to forward, the container is going to assume that it knows what it is doing.

Now that you can declare a Filter to be imposed on RD calls in Servlet 2.4, that might be a good place to implement a check like this.

Craig

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets