Thanks for the replies Shunhui, Erik, Tero, and Chris. Very helpful suggestions.
Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: Login and security checks

Here's how I do it: use a servlet filter to handle login. Put all your secured (those requiring login) in a subfolder, and map the filter to that folder. In this way, the user can browse anywhere except when he/she comes to any page in the protected folder, at that time he/she will be redirected to the login page.

Shunhui

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 11:52 AM
To: [EMAIL PROTECTED]
Subject: Login and security checks

I'm currently working on a web app which will be available publicly. In the past I've secured my webapp using Tomcat's form based security. This works fine if you require a user to log in as soon as the webapp is initiated (as is the case with most internal web apps). However, with my current webapp there is definitely a need for browsing before creating a user id. How can I organize my webapp so that some of the content is available to anybody, but other parts can only be done when the user logs in? This may also be tied into when to use http and when to use https. Any hints or links are welcome.

Mike Witt

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
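The filter approach described in the thread, as an added example that is not code from any of the posters. The folder name `/secure/*`, the session attribute `user`, the `afterLogin` attribute and the login page `/login.jsp` are all assumptions chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// web.xml (assumed layout): declare this class as a <filter> and add a
// <filter-mapping> with <url-pattern>/secure/*</url-pattern>, so that only
// the protected folder passes through it. Public pages and the login page
// itself stay outside /secure/ and are never filtered.
public class LoginFilter implements Filter {
    static final String USER_ATTR = "user";          // assumed: set by the login handler
    static final String RETURN_ATTR = "afterLogin";  // assumed: read by the login handler
    static final String LOGIN_PAGE = "/login.jsp";   // assumed: lives outside /secure/

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false): anonymous browsing must not create sessions.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            // Logged in: keep protected responses out of shared caches.
            res.setHeader("Cache-Control", "no-store");
            chain.doFilter(req, res);
            return;
        }

        // Not logged in: remember the requested page on the server side.
        // Keeping it in the session, not in a URL parameter, means the
        // post-login redirect target cannot be supplied by a crafted link.
        String target = req.getRequestURI();
        if (req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }
        req.getSession(true).setAttribute(RETURN_ATTR, target);
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PAGE));
    }
}
```

The login handler is expected to set the `user` attribute only after it has verified the credentials, and then redirect to the stored `afterLogin` path.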

