Hi, We have 3 web-apps deployed. 2 of them must require a login. However, anyone can directly type in a URL to either of these two web-apps..any of the pages, and see them. I use an MVC framework and am able to head off any calls through the MVC, but this doesn't prevent anyone from accessing any images, jsp, html pages etc directly by typing in the URL. I am deploying as a WAR file, J2EE Servlet 2.2 container. I am using servlet mappings, but I am not sure if there is a way to force ALL /inside and /admin path context requests to go through a "Central" servlet first. By this I mean all requests including images, what not. That way, if the user is not logged in, I can flag this and take them to a login page. Also, if they try to access any resources that do not exist..I'd like a way to let them know in a nice manner without the popular 404 or 500 errors. Thanks. =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
