How about placing a flag in the session, which every JSP (or hopefully your controller servlet) checks for first.
If it finds the flag (say "loggedIn") then it continues processing. If it doesn't, it redirects to the login servlet. The login servlet would then place the "loggedIn" flag into the session, and either send them to /index or to the page they were trying to access before (which you cleverly provided as a parameter when you redirected to the login servlet). -----Original Message----- From: Gerry Duhig [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 11:16 AM To: [EMAIL PROTECTED] Subject: Securing access to pages This is an old question to which I had an answer that worked under 3.2.3 but now fails under 4.0.1 Using Tomcat embedded in JBoss, I want to secure access to a certain set of pages and use the JBoss security system to carry out the authentication. Standard stuff. But, as well as going through the JBoss security check I want to force a user to also go through my own Login servlet. If users only ever start at /index.htm this is easy, but if they remember and try to come back in half way down the site, the JBoss security works, but I need to "insert" a redirect to my login servlet. Does anyone know how to do this? Thanks Gerry -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
