Hi Kumar
I am still in the design stages, so I can't give my web.xml example at the moment. However, the scenario is this: the application is for teachers testing students, so whenever a teacher logs in the page they see must be different to when the student logs in, and when the student logs in they should not be able to access the teacher's servlets or JSPs.
My current thinking is to implement authentication myself and to have all requests to the app come through one servlet that authenticates (when details are entered by the user from index.jsp) and then, based on roles found during authentication, the request is delegated to an object to process the request. For future requests, the request would come through the same single servlet, where the authority for the user is checked before delegating the request to an object to process. This seems simple enough to do, but I'm not too sure if it's a good idea to implement all security myself.
Marten
teacher/educator and a one idea java programmer - first go about 10 years ago looked promising and attracted angel funding, pulled out because code was too crufty, now having a second part time go being poorer yet the wiser.
Writes R script in day job :-(
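
The single-servlet design described in the post above, sketched as an added example that is not part of the original post or any poster's code. It assumes the `javax.servlet` API, a servlet mapping of `/app/*`, a `role` session attribute set by the login step, and hypothetical paths, role names and JSP locations; it covers only the per-request authorization check, not the login itself.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Hypothetical front controller, assumed to be mapped to /app/* in web.xml.
public class FrontControllerServlet extends HttpServlet {

    // Hypothetical handler type: the "object to process the request".
    interface Handler {
        void handle(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException;
    }

    // An action pairs the roles allowed to run it with its handler.
    private static final class Action {
        final Set<String> roles;
        final Handler handler;
        Action(Set<String> roles, Handler handler) { this.roles = roles; this.handler = handler; }
    }

    // Constructed sample routes. The JSPs sit under WEB-INF, so the container
    // refuses direct requests for them and they are reachable only by forward.
    private final Map<String, Action> actions = Map.of(
        "/teacher/results", new Action(Set.of("teacher"),
            (rq, rs) -> rq.getRequestDispatcher("/WEB-INF/jsp/teacher/results.jsp").forward(rq, rs)),
        "/student/test", new Action(Set.of("student"),
            (rq, rs) -> rq.getRequestDispatcher("/WEB-INF/jsp/student/test.jsp").forward(rq, rs)));

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String path = req.getPathInfo();             // null when no extra path is given
        Action action = (path == null) ? null : actions.get(path);
        if (action == null) {                        // unknown path: deny by default
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        HttpSession session = req.getSession(false); // never create a session here
        Object role = (session == null) ? null : session.getAttribute("role");
        if (role == null) {                          // not logged in: back to the login page
            resp.sendRedirect(req.getContextPath() + "/index.jsp");
            return;
        }
        if (!action.roles.contains(role)) {          // logged in, but wrong role
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        action.handler.handle(req, resp);            // authorized: delegate
    }
}
```

The check only holds if every protected servlet and JSP is reachable solely through this servlet; any resource mapped or stored outside `WEB-INF` bypasses it.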