tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Bruno.Mell...@nokia.com>
Subject RE: restricting access to jsp pages
Date Thu, 15 Jan 2004 16:36:54 GMT
Then try a servlet filter (this is what I normally do).  That should save you from having code
on each JSP page.  Search the web for a good tutorial.

But you still have to decide what action you want to take when a user is not logged, since
your URL is being hit and some response is required.

b.

-----Original Message-----
From: news [mailto:news@sea.gmane.org]On Behalf Of ext Michael E. Allen
Sent: Thursday, January 15, 2004 10:07 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: restricting access to jsp pages


Bruno.Melloni@nokia.com wrote:

> A trivial solution is to store something (anything) in the user session during login,
and then retrieve it in the JSP.  If the retrieved value is not null, then the user is logged
in.  If the user is not logged in, you can redirect him to the login or an error page.
> 
> Of course, this is only one possible solution.  Others exist.  Which is best depends
on what you are trying to accomplish in your site.
> 
> b.
> 

Yes; but I don't want to check for whether user is logged in or not in 
every page... I want the page to only be accessible to a logged in user. 
    Basically I want single sign on; the webapp should not be accessible 
at all except to an authenticated user.



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message