Re: Restricting resources on web server

Fri, 06 Jul 2001 00:55:48 -0700 

One method, is to have a successful login via Login.jsp put a bit of
information in the current session. All pages you want protecting would then
check this session information to see if the user is logged in. If not, then
the user gets redirected to the login.jsp page, and once being logged in
would be returned. You could stick this in a tag I guess. This is outlined
for servlets in the programming servlets O'Reily book. Alternatively you
could use the BASIC authentication supported directly by Tomcat - using a
security-constraint you can force a user to login before accessing any files
in a given directory structure. However unlike apache tomcat only supports
user details being stored in a plain xml file.
I can give some  more specific help if you need it...

sam
----- Original Message -----
From: "Rajehswar V. Rao" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 06, 2001 6:38 AM
Subject: Restricting resources on web server


> Hi all,
> How can i restrict resources like Servlets/JSPs from unauthenticated users
> under Tomcat envoronment...
> I posted this Q in tomcat users list ...but got no good reponse...
> my crieteria is like this...
>
> I have 10 JSPs under webapps/myCon/jsp folder in Tomcat..
> One of them is Login.jsp...which does authentication of user...
> i check the username and password(i get these values from form) against
DB..
> Once the user is authenticated only...I want to give access to remaining
> JSPs..
> But he/she should not access any JSP unless authenticated by Login.jsp...
>
> Any help would be appriciated...
>
> -raj-
> A servlet geek
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to