I'm confused.
>>> I don't want the user to have to log in, ...
>>> I can't find in the docs how Tomcat knows whether the user has logged in yet,
Question: Do you want your users to log in or not--nevermind who does it?
>>> I want to have my "guard" servlet authenticate the user
How is that different from log in? Regardless of what you call it or whether it's
done by a JSP page or a servlet, the user is going to have to identify himself to the
guard servlet--and that's logbin, even if the phrase "log in" is never shown to the
user.
In my own application, each of the JSP pages that needs the user to be logged in
before coming to the page start with this:
<%
if (Util.verifyLogin(session, response)) {
// then we are logged in
... // other Java code needed for the page initialization
%>
... <!-- the JSP page itself -->
<% }//then logged in %>
If Util.verifyLogin() determine--in whatever manner--that the user is not yet logged
in, it redirected to the login page (or whatever you are using to determine who the
user is) and returns false. It it returns false, the rest of the JSP page is skipped,
since the loggin page is being displayed.
In my case, Util.verifyLogin() determines that the user is logged in by checking that
session is not null and that a certain session attribute set by the login servlet is
not null.
In servlets, the test is
if (Util.verifyLogin(session, response)) { return; }
Merrill
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
