That depends more on your app design than nothing else; both ways are pretty
much costless (in orion).
JP
> -----Original Message-----
> From: Korosh Afshar [mailto:[EMAIL PROTECTED]]
> Sent: Lunes, 05 de Febrero de 2001 18:08
> To: Orion-Interest
> Subject: RE: Secured Page?
>
>
>
> which one would be a viable option for a client base of
> 3000-4000 users?
>
> can declaritive security be used in this fashion?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Loftis
> Sent: Monday, February 05, 2001 12:07 PM
> To: Orion-Interest
> Subject: RE: Secured Page?
>
>
> There are two ways to handle this login solution: programatic and
> declarative security.
>
> With programatic security you could have your welcome.jsp
> check to see if a
> user variable (such as a username) has been set on the
> session object for a
> client, if it hasn't (i.e is null) then forward them to the
> login page.
> (you could also stick the string welcome.jsp into the session
> as the referer
> so you can redirect the login page back it after a successful login).
>
> With declarative security you can specify which pages are
> secure in your
> deployment descriptor for the application, and access to the pages, in
> relation to security, will be handled at container rather
> than application
> (as above) level. check the orion reference docs for how to do this.
>
> Hope this moves you in the right direction :)
>
> Steve
>
> -----Original Message-----
> From: Roland Dong [mailto:[EMAIL PROTECTED]]
> Sent: 05 February 2001 10:36
> To: Orion-Interest
> Subject: RE: Secured Page?
>
>
>
> I remember someone posted Login-related question recently. I
> have a newbie
> question on this.
>
> In my web application, I have login1.jsp which calls
> login2.jsp to handle
> the actual login process. I use JDBC-ODBC-Oracle to handle
> the database
> connection. If successfully logged in, the user will be
> "forwarded" to a
> welcome.jsp.
>
> I am wondering how could I secure welcome.jsp so that a user
> can ONLY access
> welcome.jsp by a successful login? I mean a user could just type in
> http://localhost:8080/examples/jsp/welcom.jsp, for example,
> to access it.
>
> Someone has metioned the secured page. Could someone explain?
> Where can I
> get the information or code example?
>
> Thanks a lot,
>
> Roland
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
>
> www.mimesweeper.com
> **********************************************************************
>
>
>