-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,

John Caron wrote:
> Instead of declaring which URLs need to be secure in web.xml, I would
> like to determine this when the URL comes in, but then use Tomcat to
> deal with the authentication if it is needed. Can anyone give me any
> pointers on where to get started with that?

There's no standard way to do this.

Your options are basically to either hack around with Tomcat's
authentication and authorization code (which I don't recommend),
implementing your own authentication and authorization scheme (or
perhaps just the authorization scheme using something like a Valve or,
better yet, a Filter), or piggyback on an existing project like
securityfilter (http://securityfilter.sourceforge.net).

I think that the third option will get you further faster.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrwl79CaO5/Lv0PARAq1JAJ9eEbHMO1sejY3BizqHXEv/na339ACglZiV
VLNVH1GgzwUcE6d9A5r4X94=
=4O/I
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)