In essence, your jsp is 'separated' from your controller servlet. 1. You can either plug-in the validation mechanism on top of each jsp page such that each jsp page talks to the servlet before processing (but i presume you wouldn't want this). 2. You can use JDBC Authentication Realm. Check http://tomcat.mslinn.com/tomcat/realms.html and http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRealm for more information.
?manav. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nihita Goel Sent: Friday, March 21, 2003 12:59 PM To: Tomcat Users List Subject: Setting up permissions for jsp directory I have an application where I have a single controller servet receiving requests and then calling the appropriate jsp pages. I have Java classes to be used by both the servlet and jsp's. These Java Bean clasees are for database interaction. I also need to maintain session. I am using these Java Beans with application scope. The general flow is: 1. The controller servlet receives the request. 2. Checks for the session state using session object.// Basically validates if the user is logged -in 3. Instantiate the bean class and get setter methods of java Beans to fetch data from database.// application scope. 4. If user is logged -in calls the appropriate JSP Page 5. The JSP Page display the information using the Bean. The problem is - it seems to be working fine if the user follows the normal flow. However if he directly goes and access the jsp page thru the url he is still able to get it. How do I configure TomCat to disallow access to the directory where I am keeping the jsp pages. I am using Tomcat 4.1.18. Any other idea ?? Regards N-Goel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
