tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject form-based login / cookies disabled / JSPs in WEB-INF
Date Sun, 28 Sep 2003 15:10:52 GMT
I think I have a problem.

I want form-based container-managed authentication on my app.

I also want to allow cookies to be disabled.

And I want to keep my JSPs under WEB-INF for security.

It seems I cannot have these 3 combined, because disabling cookies means 
I have to do URL rewriting in the login form action URL, therefore my 
login form has to be a JSP and cannot be just plain .html .

But while I do not want any JSPs outside of WEB-INF, I can't configure 
my login form to be in WEB-INF.

Is this true, or is there a work-around?


struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9

View raw message