Grokbase

Peter Bright (peter.b...@orbian.com)


User Information

Display Name: Peter Bright
Partial Email Address: peter.b...@orbian.com
Posts: 4 total
3 in tomcat-user@jakarta.apache.org
1 in Tomcat

4 Most Recent

1) Peter Bright RE: Multi-part response
Tomcat
Will a browser accept unsolicited images?

Until the browser has parsed the HTML it doesn't know it wants the
images.  Will trying to give them to it anyway actually work?  Or will
it just say "what the hell are these images, I haven't asked for them.
I'll just ignore them"?

> -----Original Message-----
> From: ALEX HYDE [email protected: alex...@btinternet.com]
> Sent: 18 October 2005 10:02
> To: [email protected: tomcat...@jakarta.apache.org]
> Subject: Multi-part response
>
> Hi All,
>
> This is probably not strictly a Tomcat question so apologies.
>
> If I am using Struts, how can I filter the output so that I
> convert it into a multipart response? Using a filter
> probably! But I'm not sure how. For example, how could I send
> all my embedded images and the response in one multi-part response?
>
> Thanks a lot
>
> Alex

*******************************************************************************
The information contained in this electronic message may be confidential and/or privileged. Any unauthorized use, dissemination, distribution, or reproduction is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and destroy all copies of the original message.
*******************************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: users-unsubs...@tomcat.apache.org]
For additional commands, e-mail: [email protected: users...@tomcat.apache.org]
2) Peter Bright RE: Form Based Authentication
tomcat-user@jakarta.apache.org
> -----Original Message-----
> From: Caldarale, Charles R [email protected: Chuck.Cald...@unisys.com]
> Sent: 11 October 2005 17:23
> To: Tomcat Users List
> Subject: RE: Form Based Authentication
>
> > From: Peter Bright [email protected: Peter.B...@orbian.com]
> > Subject: RE: Form Based Authentication
> >
> > > >  
> > > > It's point (c) that's proving problematic; there's no way to
> > > > reauthenticate that I can see.
> > >
> > > What happens if you just invalidate the existing session?
> >
> > The user gets logged out.
>
> Exactly - and they then must reauthenticate with the updated password.
> Isn't that what you want?
>

No, sorry, it was unclear. I want them to be reauthenticat/ed/ with the
new credentials /automatically/.  Without making them have to
reauthenticate /by hand/.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]
3) Peter Bright RE: Form Based Authentication
tomcat-user@jakarta.apache.org
> -----Original Message-----
> From: Caldarale, Charles R [email protected: Chuck.Cald...@unisys.com]
> Sent: 11 October 2005 17:18
> To: Tomcat Users List
> Subject: RE: Form Based Authentication
>
> > From: Peter Bright [email protected: Peter.B...@orbian.com]
> > Subject: Form Based Authentication
> >  
> > It's point (c) that's proving problematic; there's no way to
> > reauthenticate that I can see.
>
> What happens if you just invalidate the existing session?
>

The user gets logged out.

4) Peter Bright Form Based Authentication
tomcat-user@jakarta.apache.org

Hello,

We're currently using form-based authentication (i.e.
<auth-method>FORM</auth-method>) but, as I suspect many people have
found, it's rather limited.

One requirement we have is enforced password changes in certain
scenarios.  Currently the approach we were thinking of using is as
follows:

a) the realm recognizes that the user has a mandatory password change
flag set, and so gives them a degenerate set of roles; instead of their
true role, they just have a MUST_CHANGE_PASSWORD role.
b) a filter checks for the existence of this role, and if it's found,
forces the user to go to our change password page.
c) the password is changed and the user reauthenticated with their new
credentials, to retrieve their full set of roles.

It's point (c) that's proving problematic; there's no way to
reauthenticate that I can see.  Our thinking is that we can resolve the
inability to reauthenticate by creating a custom Authenticator; we could
set some flag in the session to perform on-demand reauthentication,
which would repopulate the list of roles, and everything would be hunky
dory.

Is this approach reasonable?  How have other people tackled similar
requirements?  Is there any less contrived way of achieving what we want
with the minimum of Tomcat-specific code?

Peter

