Amit,
There already is code included in tomcat for intercepting
all requests for defined sets of URL's and applying
authentication. Look at the definitions of RequestInterceptors for Simple and
JDBC Realms in your server.xml file and check out the source
for these.
Also look at the security constraint section of the web.xml in your
examples dir and at the example login.jsp in the security dir
If you are using a database to authenticate your users there's a howto at
http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto
However be warned I only ever got this to work with tomcat (3.2) standalone.
Couldn't get it to work when using apache and tomcat together. From
an earlier post on this list got the impression this is because Apache
isn't aware of the web.xml settings for your app but don't take my
word for it.
You are of course also free to write your own custom RequestInterceptor.
I'm planning to write my own version of JDBCRealm so that it is capable of
handling encrypted passwords.
Hope this helps
Andrew
On Tue, 16 Jan 2001, you wrote:
> Thanks Michael,
>
> But I was thinking there might be a configuration file that does this. I
> think that would be a neater way of doing things than including an inlude
> file in all the pages. Can I write a servlet to which all my requests are
> directed before being passed on to the respective pages?
>
> Thanks,
>
> ----- Original Message -----
> From: "Michael Wentzel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, 16 January 2001 6:11 PM
> Subject: RE: Web-site security
>
>
> > > How can i specify the default page for my site hosted on Tomcat on NT. I
> > want to specify a particular > file (say index.html) where all new
> sessions
> > are redirected. If a user types a valid url path to my
> > > site, specifying any oher file on my site, he/she should be rediected to
> > the index.html page. Only
> > > when he is logged on, should he be able to access the other pages on my
> > site.
> >
> > I'm sure there are probably other ways of handling this but we have a
> common
> > include file that consists of session checking code and redirects to
> > login.jsp if session is invalid, and this file is included on
> > all pages in our context.
> >
> >
> > ---
> > Michael Wentzel
> > Software Developer
> > <A HREF="http://www.aswethink.com">Software As We Think</A>
> > <A HREF="mailto:[EMAIL PROTECTED]">Michael Wentzel</A>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
--
===========================================
Andrew Robson
10 Bank Street
Glasgow G12 8JQ
Tel: (0141) 339 9970
Mobile: 07759 430234
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
