• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

single page rentry point in web application using servlet

Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I am trying to understand , lets see i have a web page with login.jsp and once i do successfuly login

login.jsp page then go to next page. like student.jsp or student.do

so i wnat if someone accidently entered directly student.do without login then student.do page should re-direct to login.jsp if login was not previously done.

how can i achive this in web.xml , what are the change i need to do.

Posts: 67265
Mac Mac OS X IntelliJ IDE jQuery Java
Ranch Hand
Posts: 228
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can also use <security-constraints> in your web.xml
Posts: 114
Spring Tomcat Server Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One option is to use form based authentication as in the following:

Define in the web.xml a login.html page and an error page that is displayed if the username and password is incorrect.

Defining roles

This can be done in the <role> element in tomcat-users.xml.

Define the security roles in the web.xml using the <security-role> element.

All roles must be declared in order to be used in the web.xml and the component code. Each <security-role> tag can contain only one <role-name>.

Defining resource and method constraints

Roles declaration in annotations

Or you could do the same via annotations.

These annotations have the same purpose as those defined in the deployment descriptor but apply to just the servlet on which they are declared. Roles can be declared on any servlet implementing the javax.servlet.Servlet interface.

This annotation is specified on a class, and it is typically used to define roles that could be tested (for example, by calling isUserInRole) from within the methods of the annotated class. This annotation is not used to link application roles to other roles. When such linking is necessary, it is accomplished by defining an appropriate security-role-ref in the associated deployment descriptor. When a call is made to isUserInRole from the annotated class, the caller identity associated with the invocation of the class is tested for membership in the role with the same name as the argument to isUserInRole. If a security-role-ref has been defined for the argument role-name, the caller is tested for membership in the role mapped to the role-name.

Now when someone visits UserServlet/student.jsp or any of it subdirectories they will be directed to the login.html page if they are not currently logged in.

Prabhat Ranjan
Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks , this is have done before using tomcat-users.xml and providing the roles in web.xml using security constraint , but it prompts every time we hit the login page.
Police line, do not cross. Well, this tiny ad can go through:
how do I do my own kindle-like thing - without amazon
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!