Put this at the begining of your doPost() or doGet():
HttpSession session = req.getSession(false);
// check if session expired or new.
if (session == null || session.isNew())
{
//redirect here
return;
}
--- Gerry Duhig <[EMAIL PROTECTED]> wrote:
> This is an old question to which I had an answer
> that worked under 3.2.3 but now fails under 4.0.1
>
> Using Tomcat embedded in JBoss, I want to secure
> access to a certain set of pages and use the JBoss
> security system to carry out the authentication.
>
> Standard stuff. But, as well as going through the
> JBoss security check I want to force a user to also
> go through my own Login servlet.
>
> If users only ever start at /index.htm this is easy,
> but if they remember and try to come back in half
> way down the site, the JBoss security works, but I
> need to "insert" a redirect to my login servlet.
>
> Does anyone know how to do this?
>
> Thanks
>
> Gerry
>
>
__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
