You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by John MccLain <jm...@tcshealthcare.com> on 2004/02/24 18:46:42 UTC

securing a jsp page

Can a jsp page be secured with role / user based access? If so, then what if
it is redirected to from inside a servlet or other jsp page?


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: securing a jsp page

Posted by Mike Curwen <gb...@gb-im.com>.

Yes, if you place your JSP's inside certain folder, you can secure the
path to the jsp.
 
eg:

webapp
|- unsecure
|....|- unsecured.jsp
|- admin
|....|- secure_this_with_admin_role.jsp
|- super_admin
|....|- secure_this_with_super_admin_role.jsp
 
As for redirection, I think if you're redirecting to a secured URI, then
you should get authenticated.  But not if you .forward() or .include().


> -----Original Message-----
> From: John MccLain [mailto:jmcclain@tcshealthcare.com] 
> Sent: Tuesday, February 24, 2004 11:47 AM
> To: Tomcat user list
> Subject: securing a jsp page
> 
> 
> Can a jsp page be secured with role / user based access? If 
> so, then what if it is redirected to from inside a servlet or 
> other jsp page?
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org