Jeff Bischoff wrote on 03-11-2006 22:19:
> I have a simple intranet application. There is a public (no auth) section, and a secure section for logged-in users. My main requirement is simple. I want to force the users to authenticate (log in) before they access the restricted portion of the application. View paths to this portion are predictable (i.e. /public/* vs /system/*). Desired authorization scheme will be rather simple (e.g. admins, users, unauthenticated). I may want control-level access controls later, but I feel that a good approach to page-level authorization is the most important goal here.
I would consider a servlet filter, which I currently use in an application where I have chosen not to use container authentication, as the criterion for being able to use it is that the entered userid and password are valid for letting the application connect to a backend.
You can analyse the URL which is requested, and if it belongs in the "protected" section simply redirect to a login page.
If you want I can show you how I do it.
-- Thorbjørn
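
A servlet filter along the lines this reply describes, as an added example that is not Thorbjørn's code and not part of the original message. The /system/* path comes from the question; the session attribute name `authenticatedUser`, the login page `/public/login.jsp` and the login handler that sets the attribute after validating the credentials are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: page-level gate for /system/*. Map this filter to /* in web.xml.
public class LoginFilter implements Filter {
    // Assumed names: attribute set by the (hypothetical) login handler, and the login page.
    static final String USER_ATTR = "authenticatedUser";
    static final String LOGIN_PAGE = "/public/login.jsp";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    // Everything under /system is protected; anything else passes through.
    static boolean isProtected(String path) {
        return path.equals("/system") || path.startsWith("/system/");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Decide on the container-decoded path, not the raw getRequestURI(),
        // so percent-encoded spellings of /system/ are matched as well.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        if (!isProtected(path)) {
            chain.doFilter(rq, rs);
            return;
        }

        // getSession(false): do not create sessions for unauthenticated requests.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PAGE));
            return;
        }

        // Keep authenticated pages out of browser and proxy caches.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(rq, rs);
    }
}
```

The login handler should invalidate any existing session and start a new one before setting the attribute, so a session id issued before login is never promoted to an authenticated one.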

