You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John MccLain <jm...@tcshealthcare.com> on 2004/02/24 18:46:42 UTC
securing a jsp page
Can a jsp page be secured with role / user based access? If so, then what if
it is redirected to from inside a servlet or other jsp page?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: securing a jsp page
Posted by Mike Curwen <gb...@gb-im.com>.
Yes, if you place your JSP's inside certain folder, you can secure the
path to the jsp.
eg:
webapp
|- unsecure
|....|- unsecured.jsp
|- admin
|....|- secure_this_with_admin_role.jsp
|- super_admin
|....|- secure_this_with_super_admin_role.jsp
As for redirection, I think if you're redirecting to a secured URI, then
you should get authenticated. But not if you .forward() or .include().
> -----Original Message-----
> From: John MccLain [mailto:jmcclain@tcshealthcare.com]
> Sent: Tuesday, February 24, 2004 11:47 AM
> To: Tomcat user list
> Subject: securing a jsp page
>
>
> Can a jsp page be secured with role / user based access? If
> so, then what if it is redirected to from inside a servlet or
> other jsp page?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org