tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael E. Allen" <>
Subject Re: restricting access to jsp pages
Date Thu, 15 Jan 2004 21:19:15 GMT wrote:

> Then try a servlet filter (this is what I normally do).  That should save you from having
code on each JSP page.  Search the web for a good tutorial.
> But you still have to decide what action you want to take when a user is not logged,
since your URL is being hit and some response is required.
> b.
> -----Original Message-----
> From: news []On Behalf Of ext Michael E. Allen
> Sent: Thursday, January 15, 2004 10:07 AM
> To:
> Subject: Re: restricting access to jsp pages
> wrote:
>>A trivial solution is to store something (anything) in the user session during login,
and then retrieve it in the JSP.  If the retrieved value is not null, then the user is logged
in.  If the user is not logged in, you can redirect him to the login or an error page.
>>Of course, this is only one possible solution.  Others exist.  Which is best depends
on what you are trying to accomplish in your site.
> Yes; but I don't want to check for whether user is logged in or not in 
> every page... I want the page to only be accessible to a logged in user. 
>     Basically I want single sign on; the webapp should not be accessible 
> at all except to an authenticated user.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

I ended up doing this.  Actually, I had more kinds of files than just 
jsp that I wanted to restrict access to, so I moved everything but the 
Logon.jsp and index.jsp to subdirectories and set up a filter to block 
them if the session didn't have user info stored in the context.

Thank you for your help!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message