Hi, I have a web-app that defines different roles, so a user does not have access to all jsp/servlets in the web-app, depending on his role. An admin user, e.g., can see pages to edit data, while a 'normal' user can only view it.

What's the best way to enforce this security? I am now doing it by storing the user object (once logged in) in the session and per jsp/servlet checking his status as the very first action. It works well, so should I keep this or move to using a realm? If I do move to a Realm, I assume I would have to set up a security constraint for every jsp/servlet (or groups thereof)? Any hints & tips to optimize this?

Thanks
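The realm option raised in the question, as an added example that is not part of the original post: a `web.xml` fragment in which container-managed security constraints cover groups of pages by URL prefix instead of one constraint per JSP or servlet. The `/admin/*` and `/view/*` paths, the `admin` and `user` role names, and the login page paths are assumptions made for illustration.

```xml
<!-- Added example: goes inside <web-app> in WEB-INF/web.xml.
     Paths and role names below are assumed, not taken from the post. -->

<!-- Edit pages: only the admin role may reach anything under /admin/ -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Edit pages</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <!-- no http-method listed, so the constraint applies to every method -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- View pages: any logged-in user in either role -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>View pages</web-resource-name>
    <url-pattern>/view/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- Form login handled by the container against the configured realm;
     the login pages sit outside the protected prefixes -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role named in an auth-constraint is declared here -->
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>user</role-name>
</security-role>
```

Requests that match no `url-pattern` are not protected, so this layout depends on every restricted JSP and servlet being mapped under one of the listed prefixes.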
