Hello I've developed a web-application in which I'd like to have some control of which resources are accessed by whom. My project is called "Server" in which I've got 3 directories: "/user" which all roles are allowed to access, "/admin" which ONLY administrators are allowed to access and "resources" in which I've got some files which users are allowed to read and administrators are allowed to both read and write.
I'm using a FORM to login. The form action is "POST" and the action is "j_security_check", the username field's name is "j_username" and the password field's is "j_password". I've implemented a security-check in the jsp-file itself where I'm checking for the type of login the current user has. If the type is aproved then the user is allowed to access the page. But when I test the application and try to access the files in the other library then I've got access no matter what. This wasn't the intension. I've tried to follow several tutorials online but no matter what I can't get it to work ouf the right way. I've tried to configure the web.xml manually but it doesn't work. I've tried to use the "manager" through the browser but that doesn't seem to deliver the possibility to setup those restriction. Can somebody please give me a detailed walkthrough on how to achieve this? I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very much in advance! Best regards, Kenneth Andersen k_k_ander...@hotmail.com