tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From B Wiley Snyder <wiley.sny...@gmail.com>
Subject Re: Is this good flow control?
Date Sat, 05 Nov 2005 02:01:53 GMT
Howdy,

So are you basically implementing your own authentication system instead of 
using the one that comes with tomcat ? If your just starting out figure out 
how to use the one that comes with tomcat before you make your own.



At 05:19 PM 11/4/2005, you wrote:
>Hi all,
>
>I thought that once an user is authenticated, using the session object at
>the head of each page, should be nearly a default way to ensure only allowed
>user can navigate the 'secured pages'.
>
>I'm relatively new to JSP/ Servlet programming, so more than an answer, I
>guess mine is a query too.
>
>On 11/5/05, Mark Thomas <markt@apache.org> wrote:
> >
> > Why not just specify the protected pages in your web.xml and let
> > Tomcat do this for you?
> >
> > If that isn't flexible enough, I would do this as a servlet
> > filter.
> >
> > Mark
> >
> > Dola Woolfe wrote:
> > > Hi,
> > >
> > > I'm adding a level of security to my web applicaiton.
> > > Certain pages are only available to certain users.
> > > So the page first checks wither the user is authorized
> > > to view it. If yes, it displays the page. Otherwise it
> > > offers to login.
> > >
> > > I don't want to do this with a (short) "if" and a
> > > (long) "then" so I throw a MyAuthenticationException
> > > and in ErrorPage.jsp have code: if (exception
> > > instanceof MyAuthenticationException)
> > > forward-to-login-page. (This saves me from having a
> > > big "then" block on every page.)
> > >
> > > Is it a good idea to handle flow this way?
> > >
> > > Thanks!
> > >
> > > Dola
> > >
> > >
> > >
> > > __________________________________
> > > Start your day with Yahoo! - Make it your home page!
> > > http://www.yahoo.com/r/hs
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
> > >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message