Ben Souther wrote:
Hiding the JSPs is easy.
Put them under the WEB-INF directory.
Ok... but then how do I access the jsp pages?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Andres Ledesma wrote:
Hi,
I have not much experience with jsp, but I do not think this is the right way
of doing that, your app have not to be inside WEB-INF.
To prevent people accessing your pages, you check the user session, if for
example, this pages can be view only by registered users
I'm confused.
I don't want the user to have to log in, ...
I can't find in the docs how Tomcat knows whether the user has logged in yet,
Question: Do you want your users to log in or not--nevermind who does it?
I want to have my guard servlet authenticate the user
How is that different
possible solution. Others exist. Which is best depends
on what you are trying to accomplish in your site.
b.
-Original Message-
From: ext Merrill Cornish [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 15, 2004 9:37 AM
To: Tomcat Users List
Subject: Re: restricting access to jsp
[EMAIL PROTECTED] wrote:
A trivial solution is to store something (anything) in the user session during login, and then retrieve it in the JSP. If the retrieved value is not null, then the user is logged in. If the user is not logged in, you can redirect him to the login or an error page.
Of
Howdy,
Yes; but I don't want to check for whether user is logged in or not in
every page... I want the page to only be accessible to a logged in
user.
Basically I want single sign on; the webapp should not be
accessible
at all except to an authenticated user.
I may have missed the earlier
I don't want to check for whether user is logged in or not in every page
Is there any particular reason why? The extra time is in the noise. The code is
boilerplate, and you can hige that behind a function call if you want.
Merrill
I thought about that... and I would like to set up a role in
tomcat-users to accomplish that. However, I don't want the user to have
to log in, rather I want to have my guard servlet authenticate the
user and then forward the request with the role filled in
programmatically. However, I
.
b.
-Original Message-
From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Michael E. Allen
Sent: Thursday, January 15, 2004 10:07 AM
To: [EMAIL PROTECTED]
Subject: Re: restricting access to jsp pages
[EMAIL PROTECTED] wrote:
A trivial solution is to store something (anything) in the user
response is required.
b.
-Original Message-
From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Michael E. Allen
Sent: Thursday, January 15, 2004 10:07 AM
To: [EMAIL PROTECTED]
Subject: Re: restricting access to jsp pages
[EMAIL PROTECTED] wrote:
A trivial solution is to store something
Greetings!
I am using struts 1.1 with Tomcat 4.1. I want to disallow a user to get
direct access to my static pages. That is, if the user types a url that
ends in anything but .do, I want them redirected to /Welcome.do. On
the other hand, I want to be able to access jsp pages and such via
Hiding the JSPs is easy.
Put them under the WEB-INF directory.
On Wednesday 14 January 2004 06:43 pm, you wrote:
Greetings!
I am using struts 1.1 with Tomcat 4.1. I want to disallow a user to get
direct access to my static pages. That is, if the user types a url that
ends in anything
Hi,
I have not much experience with jsp, but I do not think this is the right way
of doing that, your app have not to be inside WEB-INF.
To prevent people accessing your pages, you check the user session, if for
example, this pages can be view only by registered users only after a login,
or
13 matches
Mail list logo
