Januski, Ken wrote:
Oh, I didn't realize you were still trying to directly access the JSPs after login. I made the assumption that you were only using the "forward" method of RequestDispatcher to forward to those JSPs from your servlets.Hmm. I got a 404 error after moving one jsp file to WEB-INF and trying to directly access it. That's not great but at least it prevents access. Worse though is that when I then try to go to page after having logged in I get a "root cause: file not found error". So it looks to me like you can't move your .jsp files out of the root web-app directory. Can anyone shed any more light on this?
If you need to allow those JSPs to be directly accessed via HTTP requests, my solution won't work. Perhaps you can move them to a subfolder (not WEB-INF) and map a filter to it which only calls doFilterChain() if the user has a valid session and is "logged in"? If the subfolder was called "/protected", you could use the URL pattern "/protected/*" as your filter mapping.
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
