Hi all, I thought that once an user is authenticated, using the session object at the head of each page, should be nearly a default way to ensure only allowed user can navigate the 'secured pages'.
I'm relatively new to JSP/ Servlet programming, so more than an answer, I guess mine is a query too. On 11/5/05, Mark Thomas <[EMAIL PROTECTED]> wrote: > > Why not just specify the protected pages in your web.xml and let > Tomcat do this for you? > > If that isn't flexible enough, I would do this as a servlet > filter. > > Mark > > Dola Woolfe wrote: > > Hi, > > > > I'm adding a level of security to my web applicaiton. > > Certain pages are only available to certain users. > > So the page first checks wither the user is authorized > > to view it. If yes, it displays the page. Otherwise it > > offers to login. > > > > I don't want to do this with a (short) "if" and a > > (long) "then" so I throw a MyAuthenticationException > > and in ErrorPage.jsp have code: if (exception > > instanceof MyAuthenticationException) > > forward-to-login-page. (This saves me from having a > > big "then" block on every page.) > > > > Is it a good idea to handle flow this way? > > > > Thanks! > > > > Dola > > > > > > > > __________________________________ > > Start your day with Yahoo! - Make it your home page! > > http://www.yahoo.com/r/hs > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
