You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@forrest.apache.org by Mikael Sitruk <mi...@bezeqint.net> on 2004/04/18 00:28:33 UTC

Adding authorization on some pages

Hi

I would like to add authorization on some pages, for example when
someone will click "download" link or the "internal resource" page, the
user will be able to get these link/pages only if he is authorized to.
If not, the user will be redirected to the login page or an error page.
Of course the pages will run in a servlet container, and I presume 
these links will be redirected first to an authorization servlet.
Has someone did such thing? 
Is there a place I can find an example? 
Do I have to redirect manually (editing the xml) all the link to the
servlet (assuming that I already have a site without the authorization)?
If I redirect all the link to the servlet, I need also to pass the
target of the link to the servlet (so he can do forward), does it mean I
need to add something like "?target_page=<value>" in the links, or is
there another solution (xmap???)

Regards,
Mikael.S

Re: Adding authorization on some pages

Posted by Upayavira <uv...@upaya.co.uk>.

Mikael Sitruk wrote:

>Dave hi
>
>Editing the web.xml may be fine for few files, nevertheless I was
>thinking at something automatic, without requiring web admin
>intervention or manual change, just like the htmls are generated from
>xml file...
>Is it possible??
>  
>
Authentication information cannot be stored in the generated HTML files. 
It is the job of your web server or servlet container to handle 
authentication.

If you are serving static HTML files from Apache, then use Apache's 
authentication.

If you are serving pages dynamically from a servlet container, then use 
the servlet container's authentication (as described below).

If you are serving pages dynamically from a servlet container, which is 
behind an Apache web server (which is recommended) then you can use either.

Usually, authentication schemes can be applied to specific directories, 
so that all files in that directory are covered by the authentication 
scheme.

Upayavira

>
> 
>On Wed, 2004-04-21 at 16:17, Dave Brondsema wrote:
>  
>
>>Mikael Sitruk wrote:
>>    
>>
>>>Hi
>>>
>>>I would like to add authorization on some pages, for example when
>>>someone will click "download" link or the "internal resource" page, the
>>>user will be able to get these link/pages only if he is authorized to.
>>>If not, the user will be redirected to the login page or an error page.
>>>Of course the pages will run in a servlet container, and I presume 
>>>these links will be redirected first to an authorization servlet.
>>>Has someone did such thing? 
>>>Is there a place I can find an example? 
>>>Do I have to redirect manually (editing the xml) all the link to the
>>>servlet (assuming that I already have a site without the authorization)?
>>>If I redirect all the link to the servlet, I need also to pass the
>>>target of the link to the servlet (so he can do forward), does it mean I
>>>need to add something like "?target_page=<value>" in the links, or is
>>>there another solution (xmap???)
>>>
>>>Regards,
>>>Mikael.S
>>>
>>>      
>>>
>>If you are hosting statically generated pages within the servlet, you 
>>can put use web.xml security to limit access to certain directories. 
>>This file is not a source file, so it would be placed outside the xdocs 
>>dir (src/documentation/content/WEB-INF/web.xml).  See 
>>http://xml.apache.org/forrest/faq.html#link_raw
>>
>>If you are hosting the site as a dynamic webapp within the servlet, you 
>>should be able to modify the web.xml in the war file before deploying it.
>>    
>>
>
>  
>

Re: Adding authorization on some pages

Posted by Mikael Sitruk <mi...@bezeqint.net>.

Dave hi

Editing the web.xml may be fine for few files, nevertheless I was
thinking at something automatic, without requiring web admin
intervention or manual change, just like the htmls are generated from
xml file...
Is it possible??


 
On Wed, 2004-04-21 at 16:17, Dave Brondsema wrote:
> Mikael Sitruk wrote:
> > Hi
> > 
> > I would like to add authorization on some pages, for example when
> > someone will click "download" link or the "internal resource" page, the
> > user will be able to get these link/pages only if he is authorized to.
> > If not, the user will be redirected to the login page or an error page.
> > Of course the pages will run in a servlet container, and I presume 
> > these links will be redirected first to an authorization servlet.
> > Has someone did such thing? 
> > Is there a place I can find an example? 
> > Do I have to redirect manually (editing the xml) all the link to the
> > servlet (assuming that I already have a site without the authorization)?
> > If I redirect all the link to the servlet, I need also to pass the
> > target of the link to the servlet (so he can do forward), does it mean I
> > need to add something like "?target_page=<value>" in the links, or is
> > there another solution (xmap???)
> > 
> > Regards,
> > Mikael.S
> > 
> 
> If you are hosting statically generated pages within the servlet, you 
> can put use web.xml security to limit access to certain directories. 
> This file is not a source file, so it would be placed outside the xdocs 
> dir (src/documentation/content/WEB-INF/web.xml).  See 
> http://xml.apache.org/forrest/faq.html#link_raw
> 
> If you are hosting the site as a dynamic webapp within the servlet, you 
> should be able to modify the web.xml in the war file before deploying it.

Re: Adding authorization on some pages

Posted by Dave Brondsema <da...@brondsema.net>.

Mikael Sitruk wrote:
> Hi
> 
> I would like to add authorization on some pages, for example when
> someone will click "download" link or the "internal resource" page, the
> user will be able to get these link/pages only if he is authorized to.
> If not, the user will be redirected to the login page or an error page.
> Of course the pages will run in a servlet container, and I presume 
> these links will be redirected first to an authorization servlet.
> Has someone did such thing? 
> Is there a place I can find an example? 
> Do I have to redirect manually (editing the xml) all the link to the
> servlet (assuming that I already have a site without the authorization)?
> If I redirect all the link to the servlet, I need also to pass the
> target of the link to the servlet (so he can do forward), does it mean I
> need to add something like "?target_page=<value>" in the links, or is
> there another solution (xmap???)
> 
> Regards,
> Mikael.S
> 

If you are hosting statically generated pages within the servlet, you 
can put use web.xml security to limit access to certain directories. 
This file is not a source file, so it would be placed outside the xdocs 
dir (src/documentation/content/WEB-INF/web.xml).  See 
http://xml.apache.org/forrest/faq.html#link_raw

If you are hosting the site as a dynamic webapp within the servlet, you 
should be able to modify the web.xml in the war file before deploying it.

-- 
Dave Brondsema : dave@brondsema.net
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal