i solved this using a bit of a 'hybrid'. basically, i registered an
authentication servlet as an alias within the servlet container, mapped to
/. so, anytime a user requests a url with the alias in it, the servlet gets
executed, checking whether the user is authenticated. if they aren't, they
get redirected to login. if they are, they see the requested item.
nice thing is, it works for ANY content requested (.html, .pdf, etc) and not
just .jsp.
-----Original Message-----
From: Hines, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 8:11 AM
To: [EMAIL PROTECTED]
Subject: Re: Check security for userID & password
But also, doing it this way (with no tags in the page), you are allowing a
non-logged in user to see the JSP page. In some cases this is unacceptable,
and you must have a tag at the top of each page that checks to see if the
user is logged in.
Bill Hines
Hershey Foods.
-----Original Message-----
From: Sachin S. Khanna [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 1:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Check security for userID & password
Two ways of doing it depending on which architecture model are you using
Assuming you have a Login Bean which would hold the user name and password
which is placed into the users session when the user successfully logs in.
If you are using the Model 2 architecture keep a check (an if statement) in
the controller servlet which would try to get the Login Bean from the users
session (using the getAttribute() method ). If it returns null then redirect
the user to the login page, if not give him the access.
In case you are using the Model 1 architecture, you would need to place the
check (an if statement) in every jsp page that requires the user to be
logged in.
Have a nice day.
With regards,
Sachin S. Khanna.
www.emailanorder.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
