For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves.
Hi Bear and Peter, I don't mean to hijack this thread, but I have exactly the same case as what Peter wants to do. In my case, I have already set up a filter to trap all incoming HTTP requests.
Check for a principal in the session and set the authorization scheme on the session (user is Admin/Guest/etc.).
I can't help but think that this is a good security scheme. My question is: is putting the user authorization/authentication scheme on the session considered 'secure enough', and is there no way for others to check its value, since the session runs on the server side? Thanks
Sean Clark ---> I love this place!!!
Me ------> I definitely love this place!!!
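The filter approach discussed in this thread, sketched as an added example (not code from any poster). The `javax.servlet` API, the attribute names `principal` and `role`, and the `/login` and `/admin/` paths are assumptions. Session attributes are held by the container; the browser only carries the session ID.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: attribute names, role values and paths are assumptions.
public class SessionAuthFilter implements Filter {
    static final String PRINCIPAL_ATTR = "principal"; // set by the login code
    static final String ROLE_ATTR = "role";           // e.g. "ADMIN", "GUEST"

    @Override public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Container-decoded path, relative to the context root.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        if (path.equals("/login")) {          // let the login page through
            chain.doFilter(req, res);
            return;
        }
        // getSession(false): never create a session for an unauthenticated request.
        HttpSession session = request.getSession(false);
        Object principal = (session == null) ? null : session.getAttribute(PRINCIPAL_ATTR);
        if (principal == null) {
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }
        // The role comes from server-side session state only, never from a
        // request parameter, header or cookie value the client controls.
        if (path.startsWith("/admin/") && !"ADMIN".equals(session.getAttribute(ROLE_ATTR))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```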