aspose file tools*
The moose likes Servlets and the fly likes Securing a servlet based on request params Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Securing a servlet based on request params" Watch "Securing a servlet based on request params" New topic
Author

Securing a servlet based on request params

Nicola Gustavson
Greenhorn

Joined: Jun 17, 2010
Posts: 3
Hi, using J2EE security in web.xml, can you secure a servlet based on request params?

server/app/dostuffservlet?page=Circle granted to role(s)
server/app/dostuffservlet?page=Square granted to other role(s)

Or does the dostuffservlet always have to be granted to the same role(s)?

Also, will this work if the request params are listed in a different order?

I.e. server/app/dostuffservlet?day=Monday&page=Circle

Thanks for the help.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You'd have to tell us a little more about what you mean by "Secure a servlet"


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Nicola Gustavson
Greenhorn

Joined: Jun 17, 2010
Posts: 3
I mean, can you assign the same servlet to two different auth-constraints, like this:
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I would have to double check but, to the best of my knowledge, the servlet spec does not consider the query string part of the url-pattern for the purpose of mapping.

If you plan on doing this test it, not only in the container that you're using but any that you plan to support (as well as versions of those containers) and, unless you find something in the spec that specifically states that query strings are considered, plan on re-testing for every future version of each container you plan to support.

Nicola Gustavson
Greenhorn

Joined: Jun 17, 2010
Posts: 3
Thanks for your reply, Ben! That helps a lot.

I would also like to find some formal documentation on this subject (how the URL is parsed), if possible. Do you have any pointers on where I might look?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

There is a link to the servlet spec in my signature.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Securing a servlet based on request params
 
Similar Threads
please help,Custom tags In Tomact3.2.1
Diff between getInitParameter() in ServletConfig.& ServletContext
FORM authentication with TomCat 5 - jwsdp-1.4
FORM authentication with TomCat 5 - jwsdp-1.4
security-constraint login error