tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Kjome <>
Subject Re: How to prevent direct access to login.jsp
Date Tue, 09 Dec 2003 05:00:08 GMT

Put the file in something like WEB-INF/jsp/login.jsp.  Then either 
configure form-based authentication for the path to that JSP or have your 
MVC framework serve up that JSP page upon access to a protected 
resource.  The "back" button will never know the exact location of the page.


At 05:59 PM 12/8/2003 -0500, you wrote:
>I realized that my user can mess himself by bookmarking the login page
>he is asked to log in. The login.jsp appears in the URL address in the
>Does anyone know how to avoid this? How do I block that URL for the user
>and not for the server?
>Yaakov Chaikin
>Software Engineer
>301-838-6899 (phone)
>301-838-6802 (fax)
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message