tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giorgio Clavelli <giorgio.clave...@gmail.com>
Subject Re: Is this good flow control?
Date Sat, 05 Nov 2005 01:19:39 GMT
Hi all,

I thought that once an user is authenticated, using the session object at
the head of each page, should be nearly a default way to ensure only allowed
user can navigate the 'secured pages'.

I'm relatively new to JSP/ Servlet programming, so more than an answer, I
guess mine is a query too.

On 11/5/05, Mark Thomas <markt@apache.org> wrote:
>
> Why not just specify the protected pages in your web.xml and let
> Tomcat do this for you?
>
> If that isn't flexible enough, I would do this as a servlet
> filter.
>
> Mark
>
> Dola Woolfe wrote:
> > Hi,
> >
> > I'm adding a level of security to my web applicaiton.
> > Certain pages are only available to certain users.
> > So the page first checks wither the user is authorized
> > to view it. If yes, it displays the page. Otherwise it
> > offers to login.
> >
> > I don't want to do this with a (short) "if" and a
> > (long) "then" so I throw a MyAuthenticationException
> > and in ErrorPage.jsp have code: if (exception
> > instanceof MyAuthenticationException)
> > forward-to-login-page. (This saves me from having a
> > big "then" block on every page.)
> >
> > Is it a good idea to handle flow this way?
> >
> > Thanks!
> >
> > Dola
> >
> >
> >
> > __________________________________
> > Start your day with Yahoo! - Make it your home page!
> > http://www.yahoo.com/r/hs
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message