Hello

I've developed a web-application in which I'd like to have some control of 
which resources are accessed by whom. My project is called "Server" in which 
I've got 3 directories: "/user" which all roles are allowed to access, "/admin" 
which ONLY administrators are allowed to access and "resources" in which I've 
got some files which users are allowed to read and administrators are allowed 
to both read and write.

I'm using a FORM to login. The form action is "POST" and the action is 
"j_security_check", the username field's name is "j_username" and the password 
field's is "j_password".
I've implemented a security-check in the jsp-file itself where I'm checking for 
the type of login the current user has. If the type is aproved then the user is 
allowed to access the page.

But when I test the application and try to access the files in the other 
library then I've got access no matter what. This wasn't the intension. 

I've tried to follow several tutorials online but no matter what I can't get it 
to work ouf the right way.

I've tried to configure the web.xml manually but it doesn't work. I've tried to 
use the "manager" through the browser but that doesn't seem to deliver the 
possibility to setup those restriction.

Can somebody please give me a detailed walkthrough on how to achieve this?

I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very much in 
advance!

Best regards,
Kenneth Andersen
k_k_ander...@hotmail.com
                                          

Reply via email to