Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Java (http://www.velocityreviews.com/forums/f30-java.html)
-   -   container-auth vs servlet-auth role-checking? (http://www.velocityreviews.com/forums/t127207-container-auth-vs-servlet-auth-role-checking.html)

Mark Chai 10-01-2003 05:58 PM

container-auth vs servlet-auth role-checking?
 
dear all,

has anyone managed to set the user Principal in a http session using
servlet-authentication? this is easy to do for container-based auth, but
it's not flexible enough for a custom authentication and authorization
module I'm creating.

the only problem is that I cannot set a Principal into the http session and
thus cannot use the typical code for checking role authorization, i.e.
isUserInRole() for Resin or hasRole() functions in Tomcat?

TIA,
Mark
m.chai(at)ieee.org



Christophe Vanfleteren 10-01-2003 06:30 PM

Re: container-auth vs servlet-auth role-checking?
 
Mark Chai wrote:

> dear all,
>
> has anyone managed to set the user Principal in a http session using
> servlet-authentication? this is easy to do for container-based auth, but
> it's not flexible enough for a custom authentication and authorization
> module I'm creating.
>
> the only problem is that I cannot set a Principal into the http session
> and thus cannot use the typical code for checking role authorization, i.e.
> isUserInRole() for Resin or hasRole() functions in Tomcat?
>
> TIA,
> Mark
> m.chai(at)ieee.org


no, programmatic login unfortunately doesn't work with tomcat.

--
mvg,
Christophe Vanfleteren


All times are GMT. The time now is 03:57 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.