RE: Secured Page?

Mon, 05 Feb 2001 13:04:53 -0800 


which one would be a viable option for a client base of 3000-4000 users?

can declaritive security be used in this fashion?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Loftis
Sent: Monday, February 05, 2001 12:07 PM
To: Orion-Interest
Subject: RE: Secured Page?


There are two ways to handle this login solution: programatic and
declarative security.

With programatic security you could have your welcome.jsp check to see if a
user variable (such as a username) has been set on the session object for a
client, if it hasn't (i.e is null) then forward them to the login page.
(you could also stick the string welcome.jsp into the session as the referer
so you can redirect the login page back it after a successful login).

With declarative security you can specify which pages are secure in your
deployment descriptor for the application, and access to the pages, in
relation to security, will be handled at container rather than application
(as above) level.  check the orion reference docs for how to do this.

Hope this moves you in the right direction :)

Steve

-----Original Message-----
From: Roland Dong [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2001 10:36
To: Orion-Interest
Subject: RE: Secured Page?



I remember someone posted Login-related question recently. I have a newbie
question on this.

In my web application, I have login1.jsp which calls login2.jsp to handle
the actual login process.  I use JDBC-ODBC-Oracle to handle the database
connection. If  successfully logged in, the user will be "forwarded" to a
welcome.jsp.

I am wondering how could I secure welcome.jsp so that a user can ONLY access
welcome.jsp by a successful login?  I mean a user could just type in
http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.

Someone has metioned the secured page. Could someone explain? Where can I
get the information or code example?

Thanks a lot,

Roland

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

Reply via email to