We had that in one application which was servlet controlled. Our second application started life as largely html pages so it was tricky to use this approach and it didn't appear to be necessary. Now I am tending towards your approach since I can't get this way to work.
Thanks Gerry ----- Original Message ----- From: "Mike Curwen" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, January 10, 2002 5:26 PM Subject: RE: Securing access to pages > How about placing a flag in the session, which every JSP (or hopefully your > controller servlet) checks for first. > > If it finds the flag (say "loggedIn") then it continues processing. If it > doesn't, it redirects to the login servlet. The login servlet would then > place the "loggedIn" flag into the session, and either send them to /index > or to the page they were trying to access before (which you cleverly > provided as a parameter when you redirected to the login servlet). > > > -----Original Message----- > From: Gerry Duhig [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 10, 2002 11:16 AM > To: [EMAIL PROTECTED] > Subject: Securing access to pages > > > This is an old question to which I had an answer that worked under 3.2.3 but > now fails under 4.0.1 > > Using Tomcat embedded in JBoss, I want to secure access to a certain set of > pages and use the JBoss security system to carry out the authentication. > > Standard stuff. But, as well as going through the JBoss security check I > want to force a user to also go through my own Login servlet. > > If users only ever start at /index.htm this is easy, but if they remember > and try to come back in half way down the site, the JBoss security works, > but I need to "insert" a redirect to my login servlet. > > Does anyone know how to do this? > > Thanks > > Gerry > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
