Howdy,

>Yes; but I don't want to check for whether user is logged in or not in
>every page... I want the page to only be accessible to a logged in
user.
>   Basically I want single sign on; the webapp should not be
accessible
>at all except to an authenticated user.

I may have missed the earlier discussion, but what's wrong with a filter
(mapped to /* or *.jsp perhaps) that checks the session for the presence
of an authentication token? Did you already consider and dismiss this
approach for other reasons?

Yoav Shapira
Millennium ChemInformatics




This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)