Hello
I've developed a web-application in which I'd like to have some control of
which resources are accessed by whom. My project is called "Server" in which
I've got 3 directories: "/user" which all roles are allowed to access, "/admin"
which ONLY administrators are allowed to access and "resources" in which I've
got some files which users are allowed to read and administrators are allowed
to both read and write.
I'm using a FORM to login. The form action is "POST" and the action is
"j_security_check", the username field's name is "j_username" and the password
field's is "j_password".
I've implemented a security-check in the jsp-file itself where I'm checking for
the type of login the current user has. If the type is aproved then the user is
allowed to access the page.
But when I test the application and try to access the files in the other
library then I've got access no matter what. This wasn't the intension.
I've tried to follow several tutorials online but no matter what I can't get it
to work ouf the right way.
I've tried to configure the web.xml manually but it doesn't work. I've tried to
use the "manager" through the browser but that doesn't seem to deliver the
possibility to setup those restriction.
Can somebody please give me a detailed walkthrough on how to achieve this?
I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very much in
advance!
Best regards,
Kenneth Andersen
k_k_ander...@hotmail.com
