Yes, if you place your JSP's inside certain folder, you can secure the path to the jsp. eg:
webapp |- unsecure |....|- unsecured.jsp |- admin |....|- secure_this_with_admin_role.jsp |- super_admin |....|- secure_this_with_super_admin_role.jsp As for redirection, I think if you're redirecting to a secured URI, then you should get authenticated. But not if you .forward() or .include(). > -----Original Message----- > From: John MccLain [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 24, 2004 11:47 AM > To: Tomcat user list > Subject: securing a jsp page > > > Can a jsp page be secured with role / user based access? If > so, then what if it is redirected to from inside a servlet or > other jsp page? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
