Howdy,
So are you basically implementing your own authentication system instead of
using the one that comes with tomcat ? If your just starting out figure out
how to use the one that comes with tomcat before you make your own.
At 05:19 PM 11/4/2005, you wrote:
Hi all,
I thought that once an user is authenticated, using the session object at
the head of each page, should be nearly a default way to ensure only allowed
user can navigate the 'secured pages'.
I'm relatively new to JSP/ Servlet programming, so more than an answer, I
guess mine is a query too.
On 11/5/05, Mark Thomas <[EMAIL PROTECTED]> wrote:
>
> Why not just specify the protected pages in your web.xml and let
> Tomcat do this for you?
>
> If that isn't flexible enough, I would do this as a servlet
> filter.
>
> Mark
>
> Dola Woolfe wrote:
> > Hi,
> >
> > I'm adding a level of security to my web applicaiton.
> > Certain pages are only available to certain users.
> > So the page first checks wither the user is authorized
> > to view it. If yes, it displays the page. Otherwise it
> > offers to login.
> >
> > I don't want to do this with a (short) "if" and a
> > (long) "then" so I throw a MyAuthenticationException
> > and in ErrorPage.jsp have code: if (exception
> > instanceof MyAuthenticationException)
> > forward-to-login-page. (This saves me from having a
> > big "then" block on every page.)
> >
> > Is it a good idea to handle flow this way?
> >
> > Thanks!
> >
> > Dola
> >
> >
> >
> > __________________________________
> > Start your day with Yahoo! - Make it your home page!
> > http://www.yahoo.com/r/hs
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
