tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Kjome <h...@visi.com>
Subject Re: How to prevent direct access to login.jsp
Date Tue, 09 Dec 2003 05:00:08 GMT

Put the file in something like WEB-INF/jsp/login.jsp.  Then either 
configure form-based authentication for the path to that JSP or have your 
MVC framework serve up that JSP page upon access to a protected 
resource.  The "back" button will never know the exact location of the page.

Jake

At 05:59 PM 12/8/2003 -0500, you wrote:
>Hi,
>
>I realized that my user can mess himself by bookmarking the login page
>he is asked to log in. The login.jsp appears in the URL address in the
>browser...
>
>Does anyone know how to avoid this? How do I block that URL for the user
>and not for the server?
>
>Thanks.
>
>Yaakov Chaikin
>Software Engineer
>BAE SYSTEMS
>301-838-6899 (phone)
>301-838-6802 (fax)
>yaakov.y.chaikin@baesystems.com
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message