It looks like you have short-circuited Tomcat's security model and created your own. We have a Tomcat Security Overview and Analysis that might be of help at:
http://www.cafesoft.com/products/cams/tomcat-security.html
You might also reference the security section of the the servlet JSR:
http://www.jcp.org/aboutJava/communityprocess/first/jsr053/
Gary
Lior Shliechkorn wrote:
Hello,
I'm a bit confused about the whole security implementation in Tomcat. I'm using a webapp that has a Login.html page that posts information to a servlet that queries a database to authenticate the user. The values are then set into a bean, and each page checks the existance of the bean in order to enter that page.
If I want to add additional security, what would I do in the WEB.XML page in order to have it secured by tomcat?
Thanks,
Lior
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
-- Gary Gwin http://www.cafesoft.com
***************************************************************** * * * The Cafesoft Access Management System, Cams, is security * * software that provides single sign-on authentication and * * centralized access control for Apache, Tomcat, and custom * * resources. * * * ***************************************************************** -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>