Andres Ledesma wrote:

> Hi,
>
> I have not much experience with jsp, but I do not think this is the right way
> of doing that, your app have not to be inside WEB-INF.
>
> To prevent people accessing your pages, you check the user session, if for
> example, this pages can be view only by registered users only after a login,
> or something that is already there by I do not know very well, but I you can
> do a little research by yourself are the filters.
>

I thought about that... and I would like to set up a role in
tomcat-users to accomplish that. However, I don't want the user to have
to log in, rather I want to have my "guard" servlet authenticate the
user and then forward the request with the role filled in
programmatically. However, I can't find in the docs how Tomcat knows
whether the user has logged in yet, so I can't programmatically fill in
the user name.

Can someone direct me to the documentation (or source code) that looks
for the user/role?

Thanks!



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)