There are a couple of solutions to this.  The first one is for you to use
the session object, setting a value in your login servlet that all the rest
of the pages look for before displaying their content.  This is the
servlet-way of doing it and you'll find support on this list and in the
archives.

The second is to use a 3rd party single-sign-on product.  I don't know of any
that work with Jigsaw, so you'd probably have to switch to Netscape or
Microsoft's web servers.  In this case, you'd probably eliminate your login
servlet and set up your security in the 3rd party product's own proprietary
fashion.  This is usually very secure because I understand that these
products run as server plug-ins, intercepting every HTTP request and
authenticating/authorizing.  You'd have to go elsewhere for support on this
approach.

Best,
Steven
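
The session-marker approach from the first paragraph above, as an added example (not code from the original message). It goes one step beyond the text by doing the check once in a servlet `Filter` mapped to `/*`, so static `.html` pages are covered too. It assumes a container that supports the `javax.servlet` Filter API; `SessionAuth`, `USER_ATTR` and `markLoggedIn` are hypothetical names, and the login path is the one given in the quoted question.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Shared helper: the login servlet calls markLoggedIn() only after it has
// verified the user's credentials against its own user store.
final class SessionAuth {
    static final String USER_ATTR = "authenticatedUser"; // assumed attribute name

    static void markLoggedIn(HttpServletRequest req, String user) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();              // discard any session id issued before login
        }
        req.getSession(true).setAttribute(USER_ATTR, user);
    }

    static boolean isLoggedIn(HttpServletRequest req) {
        HttpSession s = req.getSession(false);   // never create a session just to check
        return s != null && s.getAttribute(USER_ATTR) != null;
    }
}

// Map this filter to /* in web.xml so every request passes through it,
// including direct requests for pages such as /servlet/xxx/xx/yy.html.
class SessionAuthFilter implements Filter {
    private static final String LOGIN_PATH = "/servlet/IntranetMain"; // from the question

    public void init(FilterConfig cfg) throws ServletException {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        // Path relative to the web application; anything that is not exactly
        // the login path is treated as protected (fail closed).
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (LOGIN_PATH.equals(path) || SessionAuth.isLoggedIn(req)) {
            resp.setHeader("Cache-Control", "no-store"); // keep pages out of caches
            chain.doFilter(req, resp);
        } else {
            resp.sendRedirect(req.getContextPath() + LOGIN_PATH);
        }
    }
}
```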

> -----Original Message-----
> From:
> Sent: Monday, June 05, 2000 6:21 PM
> Subject: regarding web security..
>
>
> Date: Mon, 05 Jun 2000 16:21:18 -0700
> From: gsuresh <[EMAIL PROTECTED]>
> Subject: regarding web security..
>
> Hi all,
>   Currently I am working on providing security for the intranet
> of the company.  I am using Jigsaw for development.
>   The intranet has 100's of pages, and I don't want anyone to view
> any of the pages without logging in to the servlet.  Now if the user
> knows the URL of any page, he is able to view it by typing that URL
> in directly.
> For example:
>   If my login servlet is listed as
> http://example:8001/servlet/IntranetMain and the user types this in
> and does the operations, he is able to view the pages.  But if he
> knows the URL of a particular page, then he can type it in directly as
> http://example:80011/servlet/xxx/xx/yy.html
> which also displays the page to him directly.
> I need an immediate reply from anyone who has an idea about this; I am
> in urgent need of a solution.
> with regards,
> suresh kumar.G


___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
