struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mike.w...@honeywell.com
Subject RE: Login and security checks
Date Fri, 13 Jun 2003 20:17:52 GMT
Thanks for the replies Shunhui, Erik, Tero, and Chris.  Very helpful
suggestions.

Mike

-----Original Message-----
From: szhu@SonicWALL.com [mailto:szhu@SonicWALL.com]
Sent: Friday, June 13, 2003 2:59 PM
To: struts-user@jakarta.apache.org
Subject: RE: Login and security checks


Here's how I do it: use a servlet filter to handle login. Put all your
secured (those requiring login) in a subfolder, and map the filter to
that folder. In this way, the user can browse anywhere except when he/she
comes to any page in the proteced folder, at that time he/she will be
redirected to the login page.

Shunhui

-----Original Message-----
From: mike.witt@honeywell.com [mailto:mike.witt@honeywell.com]
Sent: Friday, June 13, 2003 11:52 AM
To: struts-user@jakarta.apache.org
Subject: Login and security checks


I'm currently working on a web app which will be available publicly.  In the
past I've secured my webapp using Tomcat's form based security.  This works
fine if you require a user to log in as soon as the webapp is initiated (as
is the case with most internal web apps).  However, with my current webapp
there is definitely a need for browsing before creating a user id. How can I
organize my webapp so that some of the content is available to anybody, but
other parts can only be done when the user logs in?  This may also be tied
into when to use http and when to use https.  Any hints or links are
welcome.

Mike Witt

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message