tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luis Andrei Cobo" <va...@megapathdsl.com>
Subject Re: protecting all resources
Date Wed, 03 May 2000 00:22:57 GMT
have the servlet parse the login. if sucessful send them to the right page,
and if not, send them to an error page of some sort. Store their valid login
in a session object and allow pages to be displayed if and only if that
session object is there. People who dont login will simply not get a session
variable that will allow them into the site.

Thats how i've done it many times

Luis



----- Original Message -----
From: "Dunkle, Ed" <Ed.Dunkle@ameriserve.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Tuesday, May 02, 2000 7:43 PM
Subject: protecting all resources


> Admittedly, I have not finished reading the JSDK 2.2 spec yet, but I'm
> working on it.  But, before I spend a lot of time on this, I was hoping
> someone could give me a clue.
>
> I am using form-based custom authorization.  So we have our own HTML form
> that posts to a servlet that then validates the credentials.  That's fine
> for a login, but I am wanting to ensure that the login has been successful
> before serving up any other files, mainly HTML and JSPs.
>
> I am thinking that I need to write a custom "file" servlet that would
first
> check for a valid login before allowing the file to be sent.  IF there is
> another way to do this, please let me know!
>
> Thanks,
> Ed
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org
>


Mime
View raw message